{"vulnerability": "CVE-2022-3890", "sightings": [{"uuid": "73f3bc0f-ba02-449f-a3cc-e885126b5e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38900", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13525", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38900\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.\n\ud83d\udccf Published: 2022-11-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T19:50:41.971Z\n\ud83d\udd17 References:\n1. https://github.com/SamVerschueren/decode-uri-component/issues/5\n2. https://github.com/sindresorhus/query-string/issues/345\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\n7. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/", "creation_timestamp": "2025-04-25T20:08:07.000000Z"}, {"uuid": "6536d354-ca19-4508-a8fd-88799c391adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38900", "type": "seen", "source": "https://t.me/cibsecurity/57816", "content": "\u203c CVE-2022-38778 \u203c\n\nA flaw (CVE-2022-38900) was discovered in one of Kibana\u00e2\u20ac\u2122s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T00:25:21.000000Z"}, {"uuid": "12d8b0a7-fc04-436f-8cf9-b22410ca85e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38902", "type": "seen", "source": "https://t.me/cibsecurity/51314", "content": "\u203c CVE-2022-38902 \u203c\n\nA Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T16:27:38.000000Z"}, {"uuid": "cd501db1-d2e9-497e-a125-8652c3853dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38900", "type": "seen", "source": "https://t.me/cibsecurity/53564", "content": "\u203c CVE-2022-38900 \u203c\n\ndecode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-28T16:27:59.000000Z"}, {"uuid": "574faaac-215e-4fcd-9290-1a766645f6ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3890", "type": "seen", "source": "https://t.me/cibsecurity/52702", "content": "\u203c CVE-2022-3890 \u203c\n\nHeap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-09T07:35:45.000000Z"}]}