16 vulnerabilities by crater-invoice
CVE-2022-1032 (GCVE-0-2022-1032)
Vulnerability from nvd – Published: 2022-03-29 07:40 – Updated: 2024-08-02 23:47
Title
Insecure deserialization of not validated module file in crater-invoice/crater
Summary
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
Severity
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/cb9a0393-be34-4021-a06… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/7… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.6 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T07:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
],
"source": {
"advisory": "cb9a0393-be34-4021-a06c-00c7791c7622",
"discovery": "EXTERNAL"
},
"title": "Insecure deserialization of not validated module file in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1032",
"STATE": "PUBLIC",
"TITLE": "Insecure deserialization of not validated module file in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"name": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
]
},
"source": {
"advisory": "cb9a0393-be34-4021-a06c-00c7791c7622",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1032",
"datePublished": "2022-03-29T07:40:10.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1033 (GCVE-0-2022-1033)
Vulnerability from nvd – Published: 2022-03-23 07:45 – Updated: 2024-08-02 23:47
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
Severity
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/8… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.6 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T07:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
],
"source": {
"advisory": "4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1033",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"name": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
]
},
"source": {
"advisory": "4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1033",
"datePublished": "2022-03-23T07:45:13.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0515 (GCVE-0-2022-0515)
Vulnerability from nvd – Published: 2022-03-21 18:50 – Updated: 2024-08-02 23:32
Title
Cross-Site Request Forgery (CSRF) in crater-invoice/crater
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/efb93f1f-1896-4a4c-a05… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.4 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:50:22.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
],
"source": {
"advisory": "efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0515",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.4"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"name": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
]
},
"source": {
"advisory": "efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0515",
"datePublished": "2022-03-21T18:50:22.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0514 (GCVE-0-2022-0514)
Vulnerability from nvd – Published: 2022-03-21 18:50 – Updated: 2024-08-02 23:32
Title
Business Logic Errors in crater-invoice/crater
Summary
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
Severity
6.5 (Medium)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/af08000d-9f4a-4743-865… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.5 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:50:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
],
"source": {
"advisory": "af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0514",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"name": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
]
},
"source": {
"advisory": "af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0514",
"datePublished": "2022-03-21T18:50:16.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0372 (GCVE-0-2022-0372)
Vulnerability from nvd – Published: 2022-01-27 07:35 – Updated: 2024-08-02 23:25
Title
Cross-site Scripting (XSS) - Stored in crater-invoice/crater
Summary
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
Severity
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/crater-invoice/crater/commit/c… | x_refsource_MISC |
| https://huntr.dev/bounties/563232b9-5a93-4f4d-838… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T07:35:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
],
"source": {
"advisory": "563232b9-5a93-4f4d-8389-ed805b262ef1",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0372",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"name": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
]
},
"source": {
"advisory": "563232b9-5a93-4f4d-8389-ed805b262ef1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0372",
"datePublished": "2022-01-27T07:35:10.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0203 (GCVE-0-2022-0203)
Vulnerability from nvd – Published: 2022-01-26 12:20 – Updated: 2024-08-02 23:18
Title
Improper Access Control in crater-invoice/crater
Summary
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
Severity
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/395fc553-2b90-4e69-ba0… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T12:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
],
"source": {
"advisory": "395fc553-2b90-4e69-ba07-a316e1c06406",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0203",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"name": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
]
},
"source": {
"advisory": "395fc553-2b90-4e69-ba07-a316e1c06406",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0203",
"datePublished": "2022-01-26T12:20:10.000Z",
"dateReserved": "2022-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0242 (GCVE-0-2022-0242)
Vulnerability from nvd – Published: 2022-01-17 18:15 – Updated: 2024-08-02 23:18
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
Severity
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c3… | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T18:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
],
"source": {
"advisory": "19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0242",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"name": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
]
},
"source": {
"advisory": "19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0242",
"datePublished": "2022-01-17T18:15:11.000Z",
"dateReserved": "2022-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4080 (GCVE-0-2021-4080)
Vulnerability from nvd – Published: 2022-01-12 14:05 – Updated: 2024-08-03 17:16
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
Severity
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "crater is vulnerable to Unrestricted Upload of File with Dangerous Type"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T14:05:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
],
"source": {
"advisory": "d7453360-baca-4e56-985f-481275fa38db",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4080",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crater is vulnerable to Unrestricted Upload of File with Dangerous Type"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"name": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
]
},
"source": {
"advisory": "d7453360-baca-4e56-985f-481275fa38db",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4080",
"datePublished": "2022-01-12T14:05:10.000Z",
"dateReserved": "2021-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:03.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1032 (GCVE-0-2022-1032)
Vulnerability from cvelistv5 – Published: 2022-03-29 07:40 – Updated: 2024-08-02 23:47
Title
Insecure deserialization of not validated module file in crater-invoice/crater
Summary
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
Severity
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622 | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.6 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T07:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
],
"source": {
"advisory": "cb9a0393-be34-4021-a06c-00c7791c7622",
"discovery": "EXTERNAL"
},
"title": "Insecure deserialization of not validated module file in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1032",
"STATE": "PUBLIC",
"TITLE": "Insecure deserialization of not validated module file in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622"
},
{
"name": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5"
}
]
},
"source": {
"advisory": "cb9a0393-be34-4021-a06c-00c7791c7622",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1032",
"datePublished": "2022-03-29T07:40:10.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1033 (GCVE-0-2022-1033)
Vulnerability from cvelistv5 – Published: 2022-03-23 07:45 – Updated: 2024-08-02 23:47
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
Severity
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045 | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.6 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T07:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
],
"source": {
"advisory": "4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1033",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045"
},
{
"name": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4"
}
]
},
"source": {
"advisory": "4d7d4fc9-e0cf-42d3-b89c-6ea57a769045",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1033",
"datePublished": "2022-03-23T07:45:13.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0515 (GCVE-0-2022-0515)
Vulnerability from cvelistv5 – Published: 2022-03-21 18:50 – Updated: 2024-08-02 23:32
Title
Cross-Site Request Forgery (CSRF) in crater-invoice/crater
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.4 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:50:22.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
],
"source": {
"advisory": "efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0515",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.4"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/efb93f1f-1896-4a4c-a059-9ecadac1c4de"
},
{
"name": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5"
}
]
},
"source": {
"advisory": "efb93f1f-1896-4a4c-a059-9ecadac1c4de",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0515",
"datePublished": "2022-03-21T18:50:22.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0514 (GCVE-0-2022-0514)
Vulnerability from cvelistv5 – Published: 2022-03-21 18:50 – Updated: 2024-08-02 23:32
Title
Business Logic Errors in crater-invoice/crater
Summary
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
Severity
6.5 (Medium)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27 | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.5 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:50:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
],
"source": {
"advisory": "af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0514",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27"
},
{
"name": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679"
}
]
},
"source": {
"advisory": "af08000d-9f4a-4743-865d-5d5cdaf7fb27",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0514",
"datePublished": "2022-03-21T18:50:16.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0372 (GCVE-0-2022-0372)
Vulnerability from cvelistv5 – Published: 2022-01-27 07:35 – Updated: 2024-08-02 23:25
Title
Cross-site Scripting (XSS) - Stored in crater-invoice/crater
Summary
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
Severity
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d | x_refsource_MISC |
| https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T07:35:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
],
"source": {
"advisory": "563232b9-5a93-4f4d-8389-ed805b262ef1",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0372",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
},
{
"name": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1"
}
]
},
"source": {
"advisory": "563232b9-5a93-4f4d-8389-ed805b262ef1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0372",
"datePublished": "2022-01-27T07:35:10.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0203 (GCVE-0-2022-0203)
Vulnerability from cvelistv5 – Published: 2022-01-26 12:20 – Updated: 2024-08-02 23:18
Title
Improper Access Control in crater-invoice/crater
Summary
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
Severity
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406 | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T12:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
],
"source": {
"advisory": "395fc553-2b90-4e69-ba07-a316e1c06406",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0203",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406"
},
{
"name": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992"
}
]
},
"source": {
"advisory": "395fc553-2b90-4e69-ba07-a316e1c06406",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0203",
"datePublished": "2022-01-26T12:20:10.000Z",
"dateReserved": "2022-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0242 (GCVE-0-2022-0242)
Vulnerability from cvelistv5 – Published: 2022-01-17 18:15 – Updated: 2024-08-02 23:18
VLAI
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
Severity
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94 | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T18:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
],
"source": {
"advisory": "19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0242",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94"
},
{
"name": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f"
}
]
},
"source": {
"advisory": "19f3e5f7-b419-44b1-9c37-7e4404cbec94",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0242",
"datePublished": "2022-01-17T18:15:11.000Z",
"dateReserved": "2022-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4080 (GCVE-0-2021-4080)
Vulnerability from cvelistv5 – Published: 2022-01-12 14:05 – Updated: 2024-08-03 17:16
VLAI
Title
Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
Summary
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
Severity
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db | x_refsource_CONFIRM |
| https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| crater-invoice | crater-invoice/crater | Affected: unspecified, < 6.0.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crater-invoice/crater",
"vendor": "crater-invoice",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "crater is vulnerable to Unrestricted Upload of File with Dangerous Type"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T14:05:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
],
"source": {
"advisory": "d7453360-baca-4e56-985f-481275fa38db",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4080",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in crater-invoice/crater"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "crater-invoice/crater",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "crater-invoice"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crater is vulnerable to Unrestricted Upload of File with Dangerous Type"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db"
},
{
"name": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d",
"refsource": "MISC",
"url": "https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d"
}
]
},
"source": {
"advisory": "d7453360-baca-4e56-985f-481275fa38db",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4080",
"datePublished": "2022-01-12T14:05:10.000Z",
"dateReserved": "2021-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:03.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}