Vulnerabilities - Checkmarx

Disclosed Vulnerabilities

Checkmarx Zero is working on making the world a safer place by finding, disclosing, and helping to fix open-source vulnerabilities.

All Threats 135
Critical 41
High 37
Medium 55
Low 2

Date

2024-12-12

CVE ID

CVE-2024-8374

Name

Code Injection in UltiMaker Cura

Summary

A code injection vulnerability in the file ThreeMFReader.py allows attackers to distribute malicious models that trigger code injection. This issue affects UltiMaker Cura from v5.7.0-beta.1 through v5.8.0-beta.1.

Properties

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Oct 2024

CVE ID

CVE-2023-49089

Name

Path Traversal on Package Name in @umbraco/Umbraco-CMS

Summary

The `Create Package` functionality in the `@umbraco/Umbraco-CMS` package contains a path traversal vulnerability that allows a user to specify a relative or absolute path as the package name. This can result in the creation or overwriting of files outside the intended directory. The issue has been addressed by sanitizing the package name input to prevent path traversal. The fix was released in the following versions: 8.18.10, 10.8.1 and 12.3.4.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2023-48313

Name

DOM-XSS in Login Functionality in @umbraco/Umbraco-CMS

Summary

The package `@umbraco/Umbraco-CMS` contains a DOM-based XSS vulnerability in the login functionality. The vulnerability occurs in the `login.controller.js` file, where a user-supplied `returnPath` parameter is not properly validated, allowing for the injection of malicious JavaScript. Attackers can exploit this by crafting a URL that triggers XSS once a user logs in, potentially gaining access to elevated privileges if an administrator uses the malicious link. The issue was addressed in Umbraco versions 10.8.1 and 12.3.4 by validating the `returnPath` parameter.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35218

Name

Stored XSS on Content Page Through Markdown Editor Preview Pane in @umbraco/Umbraco-CMS

Summary

A stored XSS vulnerability exists in the Content page of `@umbraco/Umbraco-CMS` through the Markdown Editor's preview pane. This vulnerability allows an attacker with Editor permissions to inject arbitrary JavaScript into the markdown content. When an administrator reviews or publishes this page, the XSS is triggered, leading to a full compromise of the application. The issue was fixed by sanitizing the HTML content before rendering it in the preview pane. The fix was released in the following versions: 8.18.13, 10.8.4, 12.3.7 and 13.1.1.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35239

Name

Stored XSS on Title and Description Component of Umbraco Forms

Summary

A stored XSS vulnerability exists in the `Title and Description` component of the Umbraco Forms package. Users with access to edit forms can inject arbitrary JavaScript into the `BodyText` and `CaptionTag` fields, which are rendered as HTML when the form is displayed. The fix was released in the following versions: 13.0.1, 12.2.2, 10.5.3 and 8.13.13.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35240

Name

Stored XSS on Print Functionality in Umbraco Commerce

Summary

The package `Umbraco Commerce` contains a stored XSS vulnerability in the Print functionality. When a user submits arbitrary JavaScript within the Billing/Shipping information during a purchase, this payload is stored and executed when an admin attempts to print the order in the backoffice. This can lead to the execution of malicious code with the possibility of privilege escalation or data compromise. The issue was addressed by sanitizing the user input before rendering the print page. The fix was released in the following versions: 12.1.4 and 10.0.5.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

14 Jun 2024

CVE ID

CVE-2024-5685

Name

Broken Function Level Authorization (BFLA) in snipe/snipe-it

Summary

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships through an API call. This issue affects snipe-it from v4.6.17 through v6.4.1.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: Low

Date

10 May 2024

CVE ID

CVE-2024-34349

Name

Stored Cross-Site Scripting (XSS) in sylius/sylius

Summary

The sylius package is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in various components of the Admin panel.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

29 Apr 2024

CVE ID

CVE-2024-4068

Name

Memory Exhaustion in braces

Summary

The NPM package `braces` fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parser enters a loop that keeps allocating heap memory without ever freeing it. Eventually the JavaScript heap limit is reached and the program crashes.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

28 Apr 2024

CVE ID

CVE-2024-4067

Name

Regular Expression Denial of Service (ReDoS) in micromatch

Summary

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything, which can cause the application to hang or slow down. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to its greedy matching. This issue was fixed in version 4.0.8.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

4 Apr 2024

CVE ID

CVE-2024-31217

Name

Denial-of-Service via Improper Exception Handling in @strapi/plugin-upload

Summary

The Strapi web application is missing input validation in its file upload feature in versions prior to 4.22.0, which leads to denial of service. This vulnerability allows an attacker to crash the Node server, affecting both development and production environments.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

2 Jan 2024

CVE ID

CVE-2023-50447

Name

Arbitrary Code Execution in Pillow

Summary

A critical security flaw is present in the Python `Pillow` package in versions prior to 10.2.0. If an attacker has control over the keys passed to the environment argument of `PIL.ImageMath.eval()`, they may be able to execute arbitrary code. To prevent this, keys matching the names of builtins and keys containing double underscores will now raise a `ValueError`.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Sep 2023

CVE ID

CVE-2023-46495

Name

Reflected XSS in Front Store in @evershop/evershop

Summary

EverShop Web Application in versions prior to 1.0.0-rc.8 contains a Reflected Cross-Site Scripting (XSS) vulnerability. Attackers can exploit this issue by adding a second "sortBy" parameter to the request. This unexpected behavior will return the second "sortBy" value in the page's code, potentially enabling the successful execution of XSS payloads.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

25 Sep 2023

CVE ID

CVE-2023-46496

Name

Arbitrary File Deletion (via Relative Path Traversal) in @evershop/evershop

Summary

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'unlinkSync' in 'deleteFile.js', leading to a Relative Path Traversal vulnerability that enables arbitrary file deletion. This vulnerability extends beyond path traversal since the endpoint "/api/files" allows "DELETE" requests which then allow for file deletion across the filesystem.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High

Date

25 Sep 2023

CVE ID

CVE-2023-46497

Name

Arbitrary Folder Creation (via Relative Path Traversal) in @evershop/evershop

Summary

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'mkdirSync' in 'createFolder.js', leading to a Relative Path Traversal vulnerability that enables arbitrary folder creation. From the feature for adding an image to a Product's "Description" field, attackers can create a new folder in unintended locations by navigating backward with "../", potentially affecting system processes.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

25 Sep 2023

CVE ID

CVE-2023-46498

Name

Broken Function Level Authorization in @evershop/evershop

Summary

A Broken Function Level Authorization vulnerability in the "route.json" file of the EverShop web application in versions prior to 1.0.0-rc.8 allows unauthenticated attackers to delete customer accounts through a publicly accessible GraphQL endpoint. Attackers can chain this with another vulnerability found in the GraphQL schema, first by querying the schema to identify the "Customer" object and get the relevant "uuid" of a user. Then the attackers are able to send a DELETE request to the unprotected endpoint, resulting in the successful deletion of the user account. This was fixed by closing public access to the endpoint so it requires users to be authenticated with 'admin' credentials in order to request it.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High

Date

25 Sep 2023

CVE ID

CVE-2023-46493

Name

Directories List (via Relative Path Traversal) in @evershop/evershop

Summary

The EverShop Web Application is missing input validation in the function 'readdirSync' in 'browser.js' in versions prior to 1.0.0-rc.8 which leads to Relative Path Traversal. This vulnerability allows an attacker to list all the folders and files on the filesystem through the API endpoint '/api/files'.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

25 Aug 2023

CVE ID

CVE-2023-46942

Name

Lack of Authentication on GraphQL Endpoints in @evershop/evershop

Summary

Lack of authentication in GraphQL in the EverShop Web Application in versions prior to 1.0.0-rc.8 allows any user to access sensitive data without proper authorization.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

25 Aug 2023

CVE ID

CVE-2023-46943

Name

Insecure JWT – Hardcoded HMAC Secret in @evershop/evershop

Summary

A critical security flaw is present in the EverShop Web Application in versions prior to 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. This vulnerability has been fixed by implementing session authentication.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

1 Jul 2023

CVE ID

CVE-2023-44271

Name

Denial of Service (DoS) in Pillow

Summary

Python's package Pillow prior to 10.0.0 allows attackers to cause a Denial of Service when using arbitrary strings as text input in "ImageFont" methods that calculate text size or render text to an image. The number of characters passed to these methods is not properly checked, potentially causing a service to crash by having it run out of memory.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

27 Apr 2023

CVE ID

CVE-2023-46494

Name

Reflected XSS in Admin Panel in @evershop/evershop

Summary

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Reflected Cross-Site Scripting (XSS) vulnerability in the Admin Panel. This security flaw allows attackers to inject malicious code into the application's admin panel, particularly in the "Product Name" and "SKU" input fields when searching for products, leading to the execution of unauthorized JavaScript code in the browser. Other similar input fields are also affected.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

27 Apr 2023

CVE ID

CVE-2023-46499

Name

Stored XSS in Admin Panel in @evershop/evershop

Summary

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Stored Cross-Site Scripting (XSS) vulnerability affecting various functionalities of the Admin Panel. Attackers can particularly inject malicious code during the creation of new products. The registration of users is also affected, which means that an unauthenticated user could store malicious code during registration which will affect administrators that visit the users' section. The latter could lead to more serious attack vectors, including account takeover.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

30 Oct 2022

CVE ID

CVE-2022-44143

Name

Arbitrary File Write (via Path Traversal) in nopCommerce

CVE SCORE

Summary

A path traversal vulnerability leads to arbitrary file write in nopCommerce version 4.50.3 and below

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-0436

Name

Path Traversal in gruntjs/grunt

CVE SCORE

Summary

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Properties

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-1537

Name

Arbitrary File Write gruntjs/grunt

CVE SCORE

Summary

Arbitrary File Write in gruntjs/grunt prior to 1.5.3.

Properties

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

12 Sep 2022

CVE ID

N/A

Name

Authentication Bypass by Primary Weakness in parse-url

CVE SCORE

Summary

Authentication Bypass by Primary Weakness in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Exposure of Sensitive Information to an Unauthorized Actor in parse-url

CVE SCORE

Summary

Exposure of Sensitive Information to an Unauthorized Actor in parse-url version 6.0.2 and prior to 6.0.1.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Improper Input Validation in parse-url

CVE SCORE

Summary

Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Hostname Spoofing via Improper Input Validation in parse-url

CVE SCORE

Summary

Hostname Spoofing via Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Open Redirect in parse-url

CVE SCORE

Summary

Open Redirect in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Whitelist bypasses in parse-url

CVE SCORE

Summary

Malicious usage of '+' in protocol can lead to whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Whitelist bypasses in parse-url

CVE SCORE

Summary

'?' before the '@' sign in HTTP URLs allows whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-29248

Name

Set cookie for different domain in guzzle/guzzle

CVE SCORE

Summary

Set cookie for different domain in guzzle/guzzle prior to 6.5.6 and 7.x prior to 7.4.3.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-31042

Name

Unvalidated Follow Redirects in guzzle/guzzle

CVE SCORE

Summary

Unvalidated Follow Redirects in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-31043

Name

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle

CVE SCORE

Summary

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-28803

Name

Stored XSS in silverstripe/silverstripe-framework

CVE SCORE

Summary

Stored XSS in silverstripe/silverstripe-framework versions 4.x.x prior to 4.10.9.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-29858

Name

Cross-Site Scripting in silverstripe/silverstripe-assets

CVE SCORE

Summary

Cross-Site Scripting in silverstripe/silverstripe-assets through 1.10.0.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

ReDoS vulnerability in GitPython

CVE SCORE

Summary

A ReDoS (Regular Expression Denial of Service) vulnerability exists in GitPython before 3.1.27.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

12 Sep 2022

CVE ID

CVE-2022-1996

Name

Authorization Bypass Through User-Controlled Key in emicklei/go-restful.

CVE SCORE

Summary

Authorization Bypass Through User-Controlled Key in emicklei/go-restful prior to version 3.8.0.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-2217

Name

Cross-site Scripting (XSS) in parse-url

CVE SCORE

Summary

Cross-site Scripting (XSS) in parse-url prior to version 6.0.0 and in 6.0.2.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-31091

Name

Sensitive header uncleared on same-host, cross-port redirect in guzzle/guzzle

CVE SCORE

Summary

Sensitive headers are uncleared on cross-port redirect

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-2218

Name

Cross Site Scripting in ionicabizau/parse-url

CVE SCORE

Summary

Spoofing of the javascript protocol itself.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-2216

Name

SSRF via Improper Input Validation in ionicabizau/parse-url

CVE SCORE

Summary

Hostname is not detected because of improper handling of username and password. (Based on real cases)

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

20 Jul 2022

CVE ID

N/A

Name

Authenticated RCE in craftcms/cms

CVE SCORE

Summary

Authenticated RCE through /admin/settings/email endpoint in craftcms/cms

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

17 Jun 2022

CVE ID

CVE-2022-22979

Name

DoS in Spring Cloud Function

CVE SCORE

Summary

Spring Cloud Function through the web endpoint is vulnerable to DoS.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

17 Jun 2022

CVE ID

N/A

Name

Unintended function invocation in Spring Cloud Function

CVE SCORE

Summary

Spring Cloud Function exposes more functions than intended.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

28 Apr 2022

CVE ID

CVE-2022-0686

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Summary

The `url-parse` NPM package allows authorization bypass through user-controlled key. When no port number is provided in the 'url', url-parse is unable to find the correct hostname.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

28 Apr 2022

CVE ID

CVE-2022-0691

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Summary

The `url-parse` npm package allows authorization bypass through user-controlled key. Bypasses `https://hackerone.com/reports/496293` via `` (backspace) character.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2022

CVE ID

CVE-2022-0227

Name

Business Logic Errors in SilverStripe Framework

CVE SCORE

Summary

SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

28 Apr 2022

CVE ID

N/A

Name

A ReDoS (Regular Expression Denial of Service) vulnerability in GitPython

CVE SCORE

Summary

A ReDoS (Regular Expression Denial of Service) vulnerability exists in `GitPython`.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

28 Apr 2022

CVE ID

CVE-2022-0338

Name

Improper Privilege Management in Conda 'loguru'

CVE SCORE

Summary

Improper Privilege Management in Conda 'loguru' can allow an unprivileged user to read log files and disclose sensitive information.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Date

28 Apr 2022

CVE ID

N/A

Name

Log Injection in loguru

CVE SCORE

Summary

Improper Neutralization of Equivalent Special Elements in `loguru` can lead to Log Injection on all logging methods. It is possible to inject newlines ('\n') which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2021-43432

Name

XSS in XMALL ecommerce system

CVE SCORE

Summary

XSS exists in the XMALL admin panel via the GET parameter in product-add.jsp

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2022-0512

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Summary

The `url-parse` npm package allows Authorization Bypass through user-controlled key. It improperly handles username and password, and it's unable to detect the hostname.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2022-0639

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Summary

Authorization Bypass through User-Controlled Key in NPM `url-parse`. An incorrect conversion of `@` in protocol in `href` leads to improper validation of the hostname.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

15 Jan 2022

CVE ID

N/A

Name

Improper Restriction of XML External Entity Reference in jetbrains/kotlin

CVE SCORE

Summary

The ModuleXmlParser.parse() function makes use of a SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: Low

Date

30 Dec 2021

CVE ID

CVE-2021-44832

Name

Deserialization attack via JDBC Appender in log4j

CVE SCORE

Summary

Deserialization attack via JDBCAppender's DataSource element in log4j

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

19 Sep 2021

CVE ID

CVE-2021-37794

Name

Stored XSS Vulnerability Discovered in FileBrowser

CVE SCORE

Summary

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user with upload authorization to upload a malicious .svg file, which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

1 Sep 2021

CVE ID

CVE-2021-33360

Name

Command injection vulnerability in @stoqey/gnuplot

CVE SCORE

Summary

All versions of the NPM package `@stoqey/gnuplot` are vulnerable to command injection. The function `plotCallack` receives and executes unsanitized input that is controlled by the user.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

1 Sep 2021

CVE ID

N/A

Name

Command injection vulnerability in ssh2

CVE SCORE

Summary

NPM package ssh2 prior to 1.0.0 is vulnerable to command injection through the unsafe execution of user-controlled parameters.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

22 Jul 2021

CVE ID

CVE-2021-37367

Name

Code Execution Vulnerability Discovered in CTparental

CVE SCORE

Summary

Code Execution Vulnerability Discovered in CTparental due to directory traversal.

Properties

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

14 Jul 2021

CVE ID

CVE-2021-37365

Name

Reflected XSS Vulnerability Discovered in CTparental

CVE SCORE

Summary

Reflected XSS Vulnerability Discovered in CTparental, in the file 'bl_categories_help.php'.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

14 Jul 2021

CVE ID

CVE-2021-37366

Name

CSRF Vulnerability Discovered in CTparental

CVE SCORE

Summary

CSRF Vulnerability Discovered in the CTparental admin panel.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

29 Jun 2021

CVE ID

N/A

Name

Command injection vulnerability in coveralls

CVE SCORE

Summary

The coveralls npm package allows OS Command Injection via shell metacharacters, as demonstrated by getBaseOptions().

Properties

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Jun 2021

CVE ID

CVE-2021-36518

Name

Prototype pollution in cloneextend

CVE SCORE

Summary

Prototype pollution via the clone and extend functions in cloneextend

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

28 Jun 2021

CVE ID

CVE-2021-36517

Name

Prototype pollution in extend2

CVE SCORE

Summary

Prototype pollution via the extend function in extend2

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

22 Jun 2021

CVE ID

CVE-2021-34826

Name

SQL Injection in Heimdall Gateway - heimdall/getheimdall

CVE SCORE

Summary

An unauthenticated SQL Injection in Heimdall Gateway may allow remote compromise of the database.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-31800

Name

Path Traversal Vulnerability Discovered in Impacket

CVE SCORE

Summary

Path Traversal Vulnerability Discovered in Impacket before 0.9.23, which could lead to RCE depending on the environment and the operating system.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33356

Name

Privilege Escalation Vulnerability Discovered in RaspAP

CVE SCORE

Summary

Privilege Escalation Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33357 or CVE-2021-33358 could lead to RCE with root privileges.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33357

Name

Unauthenticated Command Injection Vulnerability Discovered in RaspAP

CVE SCORE

Summary

Unauthenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33358

Name

Authenticated Command Injection Vulnerability Discovered in RaspAP

CVE SCORE

Summary

Authenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33359

Name

Arbitrary File Read Vulnerability Discovered in GoWitness

CVE SCORE

Summary

Arbitrary File Read Vulnerability Discovered in GoWitness before 2.3.6, which enables attackers to read files from the host when acting as a Screenshot Server.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

14 Jun 2021

CVE ID

CVE-2021-33829

Name

Stored XSS Vulnerability Discovered in CKEditor4

CVE SCORE

Summary

Stored XSS Vulnerability Discovered in CKEditor4.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

4 Jun 2021

CVE ID

CVE-2021-25641

Name

Unsafe Deserialization In Apache Dubbo & Alibaba Dubbo

CVE SCORE

Summary

Deserialization issues in the Dubbo pipeline allow submitting a malformed gadget object to a Dubbo endpoint, resulting in RCE.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

17 May 2021

CVE ID

CVE-2021-33420

Name

Deserialization RCE attack in replicator

CVE SCORE

Summary

Deserialization RCE attack in replicator npm package via the TypedArrays objects

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

5 May 2021

CVE ID

CVE-2021-29369

Name

Command Injection in @rkesters/gnuplot

CVE SCORE

Summary

The @rkesters/gnuplot package prior to version 0.1.0 allows code execution via shell metacharacters in Gnuplot commands.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

29 Apr 2021

CVE ID

CVE-2021-26543

Name

Command injection vulnerability in git-parse

CVE SCORE

Summary

The gitDiff function of git-parse is vulnerable to command injection.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in gnuplot-heatmap

CVE SCORE

Summary

Command Injection in gnuplot-heatmap through the `outFile` option

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in jandoc

CVE SCORE

Summary

Command Injection in jandoc

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in lifion-verify-deps

CVE SCORE

Summary

The lifion-verify-deps npm package allows OS Command Injection via a crafted package.json file.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in docker-tester

CVE SCORE

Summary

docker-tester allows command injection via a crafted docker-compose file.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Gnuplot Command Injection in gnu-plot

CVE SCORE

Summary

Gnuplot Command Injection in gnu-plot through the `set()`, `plot()`, and `splot()` functions

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

OS Command Injection in plotter

CVE SCORE

Summary

OS Command Injection in plotter through the `plot()` function

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Gnuplot Command Injection in plotframes

CVE SCORE

Summary

Gnuplot Command Injection in plotframes through the `plotScript()` function

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

27 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the ssl-utils NPM package

CVE SCORE

Summary

All versions of the ssl-utils Node.js package are vulnerable to command injection via the createCertRequest() and createCert() methods.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

27 Apr 2021

CVE ID

N/A

Name

Command Injection in azure-gs

CVE SCORE

Summary

Command Injection in azure-gs through the `exec()` function

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the google-it NPM package

CVE SCORE

Summary

Remote command injection vulnerability in google-it up to version 1.6.2

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Remote code execution vulnerability in reqwest

CVE SCORE

Summary

When receiving a response from a server with 'Content-Type: javascript', reqwest will automatically eval the content.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Apr 2021

CVE ID

CVE-2021-31896

Name

Command injection vulnerability in curl-ganteng

CVE SCORE

Summary

The curl function in curl-ganteng has a command injection vulnerability. In case the input is untrusted RCE can be achieved.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the gitsome NPM package

CVE SCORE

Summary

gitsome through 0.2.3 is vulnerable to RCE via crafted git tag names.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the proctree NPM package

CVE SCORE

Summary

All versions of the proctree Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the getProcessTree() function.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

OS Command Injection in ebook

CVE SCORE

Summary

OS Command Injection in ebook through the `Pandoc()` and `KindleGen()` functions

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

25 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in s3-uploader

CVE SCORE

Summary

The latest version of s3-uploader is vulnerable to command injection via the getMetadata() function.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

23 Mar 2021

CVE ID

CVE-2021-29300

Name

Command injection vulnerability in @ronomon/opened

CVE SCORE

Summary

The @ronomon/opened library up to 1.5.1, a Node API for checking whether a given file is open on the system, is vulnerable to command injection, which would allow a remote attacker to execute commands on the system if the library is used with untrusted input.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

28 Feb 2021

CVE ID

CVE-2021-26539

Name

Validation Bypass in sanitize-html using IDN

CVE SCORE

Summary

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname validation.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

28 Feb 2021

CVE ID

CVE-2021-26540

Name

Validation Bypass in sanitize-html using protocol relative URLs

CVE SCORE

Summary

Apostrophe Technologies sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

18 Feb 2021

CVE ID

CVE-2021-27515

Name

Hostname spoofing in url-parse

CVE SCORE

Summary

url-parse before 1.5.0 parses URLs with a backslash in the protocol as a relative path, such as `http:/`

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Date

13 Feb 2021

CVE ID

CVE-2021-27516

Name

Hostname spoofing in urijs

CVE SCORE

Summary

urijs before 1.19.6 parses URLs with a backslash in the protocol as a relative path, e.g. `http:/`

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Date

10 Feb 2021

CVE ID

CVE-2021-27191

Name

Denial of Service in get-ip-range package

CVE SCORE

Summary

DoS vulnerability in get-ip-range before 4.0.0: passing a large IP range could result in a JavaScript heap out-of-memory crash

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

9 Feb 2021

CVE ID

CVE-2020-28997

Name

Local File Inclusion vulnerabilities in Pixel Caffeine Wordpress plugin

CVE SCORE

Summary

LFI vulnerabilities in the Pixel Caffeine WordPress plugin; by leveraging the LFI into an XSS, RCE could be achieved.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None

Date

9 Feb 2021

CVE ID

CVE-2021-27185

Name

Command injection vulnerability in samba-client

CVE SCORE

Summary

The samba-client library for Node.js before version 4.0.0 suffers from a command injection vulnerability. In cases where this library is used in a project where the connection parameters may be defined by untrusted input, a malicious actor will be able to use this to inject malicious commands on the server hosting the Node.js application.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

1 Feb 2021

CVE ID

CVE-2021-23980

Name

Mutation XSS in Mozilla-bleach using comments

CVE SCORE

Summary

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with svg/math, p/br, one of the RCDATA tags, and comments allowed.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

21 Jan 2021

CVE ID

CVE-2021-26276

Name

Command injection vulnerability in the config-shield NPM package

CVE SCORE

Summary

When using config-shield in CLI mode, malicious code could be executed when passed through the 'set' command.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Date

21 Jan 2021

CVE ID

CVE-2021-26275

Name

Command injection vulnerability in the eslint-fixer NPM package

CVE SCORE

Summary

All versions of eslint-fixer Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the fix() function.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

20 Jan 2021

CVE ID

CVE-2021-3190

Name

Command injection vulnerability in async-git

CVE SCORE

Summary

The async-git npm package allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

14 Jan 2021

CVE ID

CVE-2021-3133

Name

CSRF in Elementor-Contact-Form-DB wordpress plugin

CVE SCORE

Summary

CSRF in the settings page of Elementor-Contact-Form-DB wordpress plugin

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

11 Jan 2021

CVE ID

CVE-2021-23326

Name

Command injection vulnerability in @graphql-tools/git-loader

CVE SCORE

Summary

The loadFromGit function in index.cjs.js has a command injection vulnerability. Clients of the library are unlikely to be aware of this, so they might unwittingly write code that contains.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

6 Jan 2021

CVE ID

CVE-2020-35774

Name

Stored XSS via /histogram endpoint in twitter-server

CVE SCORE

Summary

In Twitter-server before 21.12.0, a reflected XSS exists in the administration panel of twitter-server in the histograms component.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

6 Jan 2021

CVE ID

CVE-2021-26541

Name

Command injection vulnerability in gitlog

CVE SCORE

Summary

The gitlog function in src/index.ts has a command injection vulnerability. Clients of the gitlog library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

23 Dec 2020

CVE ID

CVE-2020-35773

Name

RCE via site-offline wordpress plugin

CVE SCORE

Summary

CSRF and XSS vulnerabilities in site-offline resulting in an RCE

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Date

17 Dec 2020

CVE ID

CVE-2020-26275

Name

Open redirect in Jupyter server

CVE SCORE

Summary

Open redirect vulnerability in Jupyter server via the /login?next= path

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

8 Dec 2020

CVE ID

CVE-2020-35135

Name

CSRF in ultimate-category-excluder wordpress plugin

CVE SCORE

Summary

CSRF in the settings page of ultimate-category-excluder wordpress plugin

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

2 Dec 2020

CVE ID

CVE-2020-13669

Name

XSS in Drupal core's built-in CKEditor image caption functionality

CVE SCORE

Summary

Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

30 Nov 2020

CVE ID

CVE-2020-28996

Name

CSRF and Reflected XSS in PowerPress Wordpress plugin

CVE SCORE

Summary

Reflected XSS and CSRF in Powerpress Wordpress plugin admin page, which can result in an RCE

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None

Date

27 Nov 2020

CVE ID

CVE-2020-27783

Name

Mutation Cross-Site Scripting in lxml

CVE SCORE

Summary

lxml uses a parser that does not imitate browsers; versions before 4.6.2 are vulnerable to mutation XSS.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

19 Nov 2020

CVE ID

CVE-2020-13663

Name

Reflected DOM-based XSS in Drupal Core

CVE SCORE

Summary

A reflected DOM-based XSS was identified in Drupal Core, which allows an attacker to craft a web page that would send a request to the `edit node` or `add node` endpoint and will be reflected in the victim's browser.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

18 Nov 2020

CVE ID

N/A

Name

Reintroduced ReDoS in debug

CVE SCORE

Summary

Reintroduced ReDoS vulnerability (CVE-2017-16137) in debug from version 4.0.0 up to 4.3.0

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

Date

17 Nov 2020

CVE ID

CVE-2020-13942

Name

Remote Code Execution in Apache Unomi using `MVEL` and `OGNL` expressions

CVE SCORE

Summary

Apache Unomi before 1.5.2 is vulnerable to remote code execution by sending malicious requests containing MVEL and OGNL expressions.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

16 Nov 2020

CVE ID

CVE-2020-28995

Name

Reflected XSS in Paid Memberships Pro Wordpress plugin

CVE SCORE

Summary

Reflected XSS on an admin page in Paid Memberships Pro, which can potentially result in an RCE

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None

Date

8 Nov 2020

CVE ID

CVE-2020-15275

Name

XSS in MoinMoin when uploading a SVG file with malicious javascript code in its content

CVE SCORE

Summary

MoinMoin before 1.9.11 is vulnerable to an XSS attack, by uploading a SVG file that contains malicious javascript code.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Date

10 Oct 2020

CVE ID

CVE-2020-26935

Name

SQL Injection in phpMyAdmin

CVE SCORE

Summary

SQL Injection in phpMyAdmin through `SearchController`

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

20 Aug 2020

CVE ID

CVE-2020-14042

Name

Stored XSS via folder name in Codiad

CVE SCORE

Summary

Stored XSS in the folder name variable in Codiad

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

20 Aug 2020

CVE ID

CVE-2020-14043

Name

Codiad CSRF in the plugin request

CVE SCORE

Summary

CSRF vulnerability in the marketplace plugin download request

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

20 Aug 2020

CVE ID

CVE-2020-14044

Name

Codiad SSRF when installing a plugin

CVE SCORE

Summary

SSRF vulnerability when installing a plugin causing arbitrary file download

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

22 Apr 2020

CVE ID

CVE-2020-7598

Name

Prototype Pollution vulnerability in Minimist

CVE SCORE

Summary

Minimist before version 1.2.3 or 0.2.1 is vulnerable to prototype pollution because the arguments are not properly sanitized.

Properties

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

17 Mar 2020

CVE ID

CVE-2020-6816

Name

Mutation XSS in Mozilla-bleach via svg or math

CVE SCORE

Summary

In Mozilla Bleach before 3.1.2, a mutation XSS affects users calling bleach.clean with svg or math and style tags allowed.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

25 Feb 2020

CVE ID

CVE-2020-6802

Name

Mutation XSS in Mozilla-bleach via noscript

CVE SCORE

Summary

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

16 Feb 2020

CVE ID

N/A

Name

Open redirect in macaron/i18n

CVE SCORE

Summary

Open redirect vulnerability in the GoLang package i18n via double slash.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

10 Feb 2020

CVE ID

CVE-2019-17564

Name

Unsafe deserialization in Apache Dubbo

CVE SCORE

Summary

Unsafe deserialization vulnerability in Apache Dubbo with HTTP remoting enabled could allow remote code execution with no authentication.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Date

26 Sep 2019

CVE ID

N/A

Name

OS command execution vulnerability in Commander.js

CVE SCORE

Summary

Given permission to write and set permissions on a file in the same working directory as the application, an attacker could run arbitrary commands on the server.

Properties

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Date

31 Jan 2019

CVE ID

N/A

Name

Open redirect in gitea/blog

CVE SCORE

Summary

Open redirect vulnerability in the GoLang package i18n via a double slash ('//').

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

31 Jan 2019

CVE ID

CVE-2019-3826

Name

DOM XSS in Prometheus

CVE SCORE

Summary

DOM XSS in the stored history field of Prometheus.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

13 Dec 2017

CVE ID

CVE-2016-10703

Name

Denial of Service (DoS) vulnerability in ecstatic npm package

CVE SCORE

Summary

A Denial of Service (DoS) vulnerability in the file ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Date

17 Nov 2017

CVE ID

CVE-2017-14077

Name

HTML injection in Securimage

CVE SCORE

Summary

An HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Date

18 May 2016

CVE ID

CVE-2016-10510

Name

Cross-Site Scripting in Kohana PHP

CVE SCORE

Summary

A cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary JavaScript by bypassing the strip_image_tags protection mechanism.

Properties

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
