Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0337
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-s390x | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-ppcle | ||
IBM | Db2 | IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif de sécurité | ||
IBM | Db2 | IBM Db2 versions 10.5.x antérieures à 10.5 FP11 sans le dernier correctif de sécurité | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-s390x | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-amd64 | ||
IBM | Db2 | IBM Db2 versions 11.5.x antérieures à 11.5.8 sans le dernier correctif de sécurité | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1598-ppcle | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à latest-s390x | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à latest-amd64 | ||
IBM | Db2 | IBM Db2 versions 11.1.x antérieures à 11.1.4 FP7 sans le dernier correctif de sécurité | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à latest-ppcle | ||
IBM | Db2 | IBM Db2 Graph versions antérieures à 1.0.0.1562-amd64 |
References
Title | Publication Time | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-s390x", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-ppcle", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-s390x", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-amd64", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-ppcle", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-s390x", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-amd64", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-ppcle", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-amd64", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-33980", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33980" }, { "name": "CVE-2023-23936", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936" }, { "name": "CVE-2023-24807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807" }, { "name": "CVE-2023-29257", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257" }, { "name": "CVE-2023-26021", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021" }, { "name": "CVE-2022-37865", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37865" }, { "name": "CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "name": "CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "name": "CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "name": "CVE-2022-37866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37866" }, { "name": "CVE-2020-8244", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8244" }, { "name": "CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "name": "CVE-2022-41915", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915" }, { "name": "CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "name": "CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "name": "CVE-2022-41854", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854" }, { "name": "CVE-2023-23919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919" }, { "name": "CVE-2023-29255", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255" }, { "name": "CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "name": "CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "name": "CVE-2022-38752", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752" }, { "name": "CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "name": "CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "name": "CVE-2022-41881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881" } ], "initial_release_date": "2023-04-25T00:00:00", "last_revision_date": "2023-04-25T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0337", "revisions": [ { "description": "Version initiale", "revision_date": "2023-04-25T00:00:00.000000" }, { "description": "Ajout de r\u00e9f\u00e9rence CVE", "revision_date": "2023-04-25T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0\ndistance, une injection de code indirecte \u00e0 distance (XSS), un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985691 du 24 avril 2023", "url": "https://www.ibm.com/support/pages/node/6985691" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985689 du 24 avril 2023", "url": "https://www.ibm.com/support/pages/node/6985689" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985687 du 24 avril 2023", "url": "https://www.ibm.com/support/pages/node/6985687" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985681 du 24 avril 2023", "url": "https://www.ibm.com/support/pages/node/6985681" } ] }
CVE-2022-41915 (GCVE-0-2022-41915)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-04-22 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/issues/13084" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/pull/12760" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41915", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-22T15:39:01.800559Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-22T15:57:32.870Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "netty", "vendor": "netty", "versions": [ { "lessThan": "4.1.86.Final", "status": "affected", "version": "4.1.86.Final", "versionType": "custom" }, { "lessThan": "4.1.83.Final*", "status": "affected", "version": "4.1.83.Final", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator\u003c?\u003e)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-113", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" }, { "url": "https://github.com/netty/netty/issues/13084" }, { "url": "https://github.com/netty/netty/pull/12760" }, { "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "source": { "advisory": "GHSA-hh82-3pmq-7frp", "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41915", "datePublished": "2022-12-13T00:00:00.000Z", "dateReserved": "2022-09-30T00:00:00.000Z", "dateUpdated": "2025-04-22T15:57:32.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8244 (GCVE-0-2020-8244)
Vulnerability from cvelistv5
Published
2020-08-30 13:43
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read ()
Summary
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "Buffer Over-read (CWE-126)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T02:06:10", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bl", "version": { "version_data": [ { "version_value": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Over-read (CWE-126)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/966347", "refsource": "MISC", "url": "https://hackerone.com/reports/966347" }, { "name": "[debian-lts-announce] 20210630 [SECURITY] [DLA 2698-1] node-bl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8244", "datePublished": "2020-08-30T13:43:55", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23920 (GCVE-0-2023-23920)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-04-30 05:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path ()
Summary
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "name": "DSA-5395", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5395" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-23920", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T14:22:16.608723Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-17T18:31:29.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.21.3", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.19.1", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "18.14.1", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThan": "19.6.1", "status": "affected", "version": "19.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "Untrusted Search Path (CWE-426)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T05:57:24.758Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "name": "DSA-5395", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5395" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23920", "datePublished": "2023-02-23T00:00:00.000Z", "dateReserved": "2023-01-19T00:00:00.000Z", "dateUpdated": "2025-04-30T05:57:24.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23919 (GCVE-0-2023-23919)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-04-30 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-310 - Cryptographic Issues - Generic ()
Summary
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:26.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1808596" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-23919", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T14:26:46.934403Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-12T14:28:47.925Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.21.3", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.19.1", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "18.14.1", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThan": "19.2.0", "status": "affected", "version": "19.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-310", "description": "Cryptographic Issues - Generic (CWE-310)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T05:56:08.249Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "url": "https://hackerone.com/reports/1808596" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23919", "datePublished": "2023-02-23T00:00:00.000Z", "dateReserved": "2023-01-19T00:00:00.000Z", "dateUpdated": "2025-04-30T05:56:08.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42004 (GCVE-0-2022-42004)
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/issues/3582" }, { "tags": [ "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490" }, { "name": "GLSA-202210-21", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "name": "DSA-5283", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221118-0008/" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/FasterXML/jackson-databind/issues/3582" }, { "url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490" }, { "name": "GLSA-202210-21", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "name": "DSA-5283", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "url": "https://security.netapp.com/advisory/ntap-20221118-0008/" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42004", "datePublished": "2022-10-02T00:00:00", "dateReserved": "2022-10-02T00:00:00", "dateUpdated": "2024-08-03T12:56:39.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-37866 (GCVE-0-2022-37866)
Vulnerability from cvelistv5
Published
2022-11-07 00:00
Modified
2025-05-01 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Ivy |
Version: 2.0.0 < unspecified Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b" }, { "name": "FEDORA-2023-35f775fd6e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-37866", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-01T20:46:00.339895Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-01T20:46:04.704Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache Ivy", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThanOrEqual": "2.5.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Kostya Kortchinsky of the Databricks Security Team." } ], "descriptions": [ { "lang": "en", "value": "When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied \"pattern\" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain \"../\" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy\u0027s local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing \"..\" sequences and a \"normal\" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1." } ], "metrics": [ { "other": { "content": { "other": "medium" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-04T00:00:00.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b" }, { "name": "FEDORA-2023-35f775fd6e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Ivy allows path traversal in the presence of a malicious repository", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-37866", "datePublished": "2022-11-07T00:00:00.000Z", "dateReserved": "2022-08-08T00:00:00.000Z", "dateUpdated": "2025-05-01T20:46:04.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41881 (GCVE-0-2022-41881)
Vulnerability from cvelistv5
Published
2022-12-12 00:00
Modified
2025-04-22 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-674 - Uncontrolled Recursion
Summary
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41881", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-22T15:39:04.984423Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-22T15:57:46.309Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "netty", "vendor": "netty", "versions": [ { "status": "affected", "version": "\u003c 4.1.86.Final" } ] } ], "descriptions": [ { "lang": "en", "value": "Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "source": { "advisory": "GHSA-fx2c-96vj-985v", "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41881", "datePublished": "2022-12-12T00:00:00.000Z", "dateReserved": "2022-09-30T00:00:00.000Z", "dateUpdated": "2025-04-22T15:57:46.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-33980 (GCVE-0-2022-33980)
Vulnerability from cvelistv5
Published
2022-07-06 00:00
Modified
2024-08-03 08:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insecure interpolation defaults
Summary
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Commons Configuration |
Version: Apache Commons Configuration < 2.8.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:16:16.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s" }, { "name": "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/06/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0015/" }, { "name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4" }, { "name": "DSA-5290", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5290" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Commons Configuration", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "2.4", "status": "affected" } ], "lessThan": "2.8.0", "status": "affected", "version": "Apache Commons Configuration", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default." } ], "metrics": [ { "other": { "content": { "other": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure interpolation defaults", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-28T00:00:00", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s" }, { "name": "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/06/5" }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0015/" }, { "name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4" }, { "name": "DSA-5290", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5290" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Commons Configuration insecure interpolation defaults", "workarounds": [ { "lang": "en", "value": "Upgrade to version Apache Commons Configuration 2.8.0" } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-33980", "datePublished": "2022-07-06T00:00:00", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-03T08:16:16.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41854 (GCVE-0-2022-41854)
Vulnerability from cvelistv5
Published
2022-11-11 13:10
Modified
2024-09-16 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355" }, { "name": "FEDORA-2022-c01dd659fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/" }, { "name": "FEDORA-2022-8a4e8aa190", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/" }, { "name": "FEDORA-2023-27ec59a486", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SnakeYaml", "vendor": "SnakeYaml", "versions": [ { "lessThan": "1.32", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:06:02.723948", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355" }, { "name": "FEDORA-2022-c01dd659fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/" }, { "name": "FEDORA-2022-8a4e8aa190", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/" }, { "name": "FEDORA-2023-27ec59a486", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0009/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "INTERNAL" }, "title": "Stack Overflow in Snakeyaml", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-41854", "datePublished": "2022-11-11T13:10:10.912038Z", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-09-16T16:24:11.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38752 (GCVE-0-2022-38752)
Vulnerability from cvelistv5
Published
2022-09-05 00:00
Modified
2024-08-03 11:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:snakeyaml_project:snakeyaml:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snakeyaml", "vendor": "snakeyaml_project", "versions": [ { "lessThan": "1.32", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-38752", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T14:02:33.055634Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:03:52.086Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SnakeYAML", "vendor": "snakeyaml", "versions": [ { "lessThanOrEqual": "1.31", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T11:06:17.930113", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0009/" } ], "source": { "discovery": "INTERNAL" }, "title": "DoS in SnakeYAML", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-38752", "datePublished": "2022-09-05T00:00:00", "dateReserved": "2022-08-25T00:00:00", "dateUpdated": "2024-08-03T11:02:14.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38751 (GCVE-0-2022-38751)
Vulnerability from cvelistv5
Published
2022-09-05 00:00
Modified
2025-04-21 13:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38751", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-21T13:36:32.650540Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-21T13:50:22.367Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "SnakeYAML", "vendor": "snakeyaml", "versions": [ { "lessThan": "1.31", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T11:06:02.859Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "source": { "discovery": "INTERNAL" }, "title": "DoS in SnakeYAML", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-38751", "datePublished": "2022-09-05T00:00:00.000Z", "dateReserved": "2022-08-25T00:00:00.000Z", "dateUpdated": "2025-04-21T13:50:22.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-25857 (GCVE-0-2022-25857)
Vulnerability from cvelistv5
Published
2022-08-30 05:05
Modified
2024-09-16 21:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service (DoS)
Summary
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | org.yaml:snakeyaml |
Version: 0 < unspecified Version: unspecified < 1.31 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:44.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174" }, { "tags": [ "x_transferred" ], "url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "org.yaml:snakeyaml", "vendor": "n/a", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "1.31", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "unknown" } ], "datePublic": "2022-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T11:06:01.014562", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174" }, { "url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "title": "Denial of Service (DoS)" } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25857", "datePublished": "2022-08-30T05:05:11.588462Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-16T21:57:41.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29257 (GCVE-0-2023-29257)
Vulnerability from cvelistv5
Published
2023-04-26 12:56
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 284 Improper Access Control
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:16.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985691" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29257", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-31T16:12:24.120987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-31T16:12:32.106Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "284 Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:22.206Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985691" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29257", "datePublished": "2023-04-26T12:56:10.502Z", "dateReserved": "2023-04-04T18:45:55.862Z", "dateUpdated": "2025-02-13T16:49:05.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42003 (GCVE-0-2022-42003)
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/issues/3590" }, { "tags": [ "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020" }, { "name": "GLSA-202210-21", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "name": "DSA-5283", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221124-0004/" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-20T09:33:08.256001", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/FasterXML/jackson-databind/issues/3590" }, { "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020" }, { "name": "GLSA-202210-21", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "name": "DSA-5283", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "url": "https://security.netapp.com/advisory/ntap-20221124-0004/" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42003", "datePublished": "2022-10-02T00:00:00", "dateReserved": "2022-10-02T00:00:00", "dateUpdated": "2024-08-03T12:56:39.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29255 (GCVE-0-2023-29255)
Vulnerability from cvelistv5
Published
2023-04-27 12:47
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985687" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29255", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T21:00:20.277548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T21:00:24.722Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:15.521Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985687" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM DB2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29255", "datePublished": "2023-04-27T12:47:02.803Z", "dateReserved": "2023-04-04T18:45:55.861Z", "dateUpdated": "2025-02-13T16:49:04.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38750 (GCVE-0-2022-38750)
Vulnerability from cvelistv5
Published
2022-09-05 00:00
Modified
2024-11-20 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38750", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-15T18:43:03.519813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T14:57:41.651Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "SnakeYAML", "vendor": "snakeyaml", "versions": [ { "lessThan": "1.31", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T11:06:04.718916", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "source": { "discovery": "INTERNAL" }, "title": "DoS in SnakeYAML", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-38750", "datePublished": "2022-09-05T00:00:00", "dateReserved": "2022-08-25T00:00:00", "dateUpdated": "2024-11-20T14:57:41.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38749 (GCVE-0-2022-38749)
Vulnerability from cvelistv5
Published
2022-09-05 00:00
Modified
2024-08-03 11:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024" }, { "tags": [ "x_transferred" ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SnakeYAML", "vendor": "snakeyaml", "versions": [ { "lessThan": "1.31", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T11:05:59.112402", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024" }, { "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" }, { "name": "GLSA-202305-28", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0010/" } ], "source": { "discovery": "INTERNAL" }, "title": "DoS in SnakeYAML", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-38749", "datePublished": "2022-09-05T00:00:00", "dateReserved": "2022-08-25T00:00:00", "dateUpdated": "2024-08-03T11:02:14.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42889 (GCVE-0-2022-42889)
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-11-20 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unexpected variable interpolation
Summary
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Commons Text |
Version: unspecified < Version: 1.5 < Apache Commons Text* |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/4" }, { "name": "[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0004/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022" }, { "name": "GLSA-202301-05", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202301-05" }, { "name": "20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Feb/3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42889", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-24T16:22:10.690380Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T16:19:41.416Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache Commons Text", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.9", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "Apache Commons Text*", "status": "affected", "version": "1.5", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default." } ], "metrics": [ { "other": { "content": { "other": "important" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Unexpected variable interpolation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:47.362105", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/4" }, { "name": "[oss-security] 20221017 Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/1" }, { "url": "https://security.netapp.com/advisory/ntap-20221020-0004/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022" }, { "name": "GLSA-202301-05", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202301-05" }, { "name": "20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Feb/3" }, { "url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html" }, { "url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "workarounds": [ { "lang": "en", "value": "Upgrade to Apache Commons Text 1.10.0." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-42889", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-12T00:00:00", "dateUpdated": "2024-11-20T16:19:41.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-37865 (GCVE-0-2022-37865)
Vulnerability from cvelistv5
Published
2022-11-07 00:00
Modified
2025-05-02 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- allow create/overwrite any file on the syste
Summary
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Ivy |
Version: 2.4.0 < unspecified Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy" }, { "name": "FEDORA-2023-35f775fd6e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-37865", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-02T18:34:25.664772Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-02T18:35:06.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache Ivy", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "2.4.0", "versionType": "custom" }, { "lessThanOrEqual": "2.5.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Kostya Kortchinsky of the Databricks Security Team." } ], "descriptions": [ { "lang": "en", "value": "With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the \"zip\", \"jar\" or \"war\" packaging Ivy prior to 2.5.1 doesn\u0027t verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse \"upwards\" using \"..\" sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1." } ], "metrics": [ { "other": { "content": { "other": "medium" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "allow create/overwrite any file on the syste", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-04T00:00:00.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy" }, { "name": "FEDORA-2023-35f775fd6e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Ivy allows creating/overwriting any file on the system", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-37865", "datePublished": "2022-11-07T00:00:00.000Z", "dateReserved": "2022-08-08T00:00:00.000Z", "dateUpdated": "2025-05-02T18:35:06.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23918 (GCVE-0-2023-23918)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-05-08 16:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation (CAPEC-233)
Summary
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-23918", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T17:47:16.492191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T16:15:23.012Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.21.3", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.19.1", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "18.14.1", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThan": "19.6.1", "status": "affected", "version": "19.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege Escalation (CAPEC-233)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T05:55:44.344Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23918", "datePublished": "2023-02-23T00:00:00.000Z", "dateReserved": "2023-01-19T00:00:00.000Z", "dateUpdated": "2025-05-08T16:15:23.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23936 (GCVE-0-2023-23936)
Vulnerability from cvelistv5
Published
2023-02-16 17:30
Modified
2025-03-10 21:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:07.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff" }, { "name": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034" }, { "name": "https://hackerone.com/reports/1820955", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1820955" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23936", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-10T21:01:48.996014Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-10T21:10:26.495Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "undici", "vendor": "nodejs", "versions": [ { "status": "affected", "version": "\u003e=2.0.0, \u003c 5.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-93", "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T17:30:23.968Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff" }, { "name": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034" }, { "name": "https://hackerone.com/reports/1820955", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1820955" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" } ], "source": { "advisory": "GHSA-5r9g-qh6m-jxff", "discovery": "UNKNOWN" }, "title": "CRLF Injection in Nodejs \u2018undici\u2019 via host" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23936", "datePublished": "2023-02-16T17:30:23.968Z", "dateReserved": "2023-01-19T21:12:31.361Z", "dateUpdated": "2025-03-10T21:10:26.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-25881 (GCVE-0-2022-25881)
Vulnerability from cvelistv5
Published
2023-01-31 05:00
Modified
2025-03-27 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Regular Expression Denial of Service (ReDoS)
Summary
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
n/a | http-cache-semantics |
Version: 0 ≤ |
|||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:44.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783" }, { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230622-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-25881", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T17:16:22.393784Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-27T17:16:32.835Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "http-cache-semantics", "vendor": "n/a", "versions": [ { "lessThan": "4.1.1", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "product": "org.webjars.npm:http-cache-semantics", "vendor": "n/a", "versions": [ { "lessThan": "4.1.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Carter Snook" } ], "descriptions": [ { "lang": "en", "value": "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "Regular Expression Denial of Service (ReDoS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-22T14:06:15.662Z", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783" }, { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332" }, { "url": "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83" }, { "url": "https://security.netapp.com/advisory/ntap-20230622-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25881", "datePublished": "2023-01-31T05:00:01.220Z", "dateReserved": "2022-02-24T11:58:26.944Z", "dateUpdated": "2025-03-27T17:16:32.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-26021 (GCVE-0-2023-26021)
Vulnerability from cvelistv5
Published
2023-04-28 18:23
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985681" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26021", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:04:01.574745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:04:09.674Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:19.508Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985681" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-26021", "datePublished": "2023-04-28T18:23:40.507Z", "dateReserved": "2023-02-17T18:40:48.572Z", "dateUpdated": "2025-02-13T16:44:41.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-24807 (GCVE-0-2023-24807)
Vulnerability from cvelistv5
Published
2023-02-16 17:30
Modified
2025-03-10 21:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230324-0010/" }, { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w" }, { "name": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" }, { "name": "https://hackerone.com/bugs?report_id=1784449", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/bugs?report_id=1784449" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-24807", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-10T20:58:28.706642Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-10T21:10:32.171Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "undici", "vendor": "nodejs", "versions": [ { "status": "affected", "version": "\u003c 5.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T17:30:19.923Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w" }, { "name": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" }, { "name": "https://hackerone.com/bugs?report_id=1784449", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/bugs?report_id=1784449" } ], "source": { "advisory": "GHSA-r6ch-mqf9-qc9w", "discovery": "UNKNOWN" }, "title": "Undici vulnerable to Regular Expression Denial of Service in Headers" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-24807", "datePublished": "2023-02-16T17:30:19.923Z", "dateReserved": "2023-01-30T14:43:33.703Z", "dateUpdated": "2025-03-10T21:10:32.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…