VDB-218020 · CVE-2022-4885 · ID 36

sviehb jefferson har 0.3 src/scripts/jefferson Dafiyar fayil ɗin cikin kundin ajiyar bayanai

Gaskiya vulnerability da aka ware a matsayin kura an samu a sviehb jefferson har 0.3. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil src/scripts/jefferson, a cikin sashen $software_component. A sa manipulation ka Dafiyar fayil ɗin cikin kundin ajiyar bayanai. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-22. Hakika, rauni an bayyana shi 01/11/2023 kamar 36. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2022-4885. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Babu exploit ɗin da ake samu. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu a wondi feere. 0-day shima, an ndiyam a wuro be $0-$5k. Ana kiran patch ɗin da 53b3f2fc34af0bb32afbcee29d18213e61471d87. Bugfix ɗin an shirya shi don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 74 Datenpunkte

Furɗe	Súgá 01/11/2023 19:00	Gargadi 1/2 02/04/2023 07:24	Gargadi 2/2 02/04/2023 07:30
software_vendor	sviehb	sviehb	sviehb
software_name	jefferson	jefferson	jefferson
software_version	<=0.3	<=0.3	<=0.3
software_file	src/scripts/jefferson	src/scripts/jefferson	src/scripts/jefferson
vulnerability_cwe	CWE-22 (Dafiyar fayil ɗin cikin kundin ajiyar bayanai)	CWE-22 (Dafiyar fayil ɗin cikin kundin ajiyar bayanai)	CWE-22 (Dafiyar fayil ɗin cikin kundin ajiyar bayanai)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	H	H	H
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	36	36	36
advisory_url	https://github.com/sviehb/jefferson/pull/36	https://github.com/sviehb/jefferson/pull/36	https://github.com/sviehb/jefferson/pull/36
countermeasure_name	Gargajiya	Gargajiya	Gargajiya
upgrade_version	0.4	0.4	0.4
countermeasure_upgrade_url	https://github.com/sviehb/jefferson/releases/tag/v0.4	https://github.com/sviehb/jefferson/releases/tag/v0.4	https://github.com/sviehb/jefferson/releases/tag/v0.4
patch_name	53b3f2fc34af0bb32afbcee29d18213e61471d87	53b3f2fc34af0bb32afbcee29d18213e61471d87	53b3f2fc34af0bb32afbcee29d18213e61471d87
countermeasure_patch_url	https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87	https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87	https://github.com/sviehb/jefferson/commit/53b3f2fc34af0bb32afbcee29d18213e61471d87
countermeasure_advisoryquote	Fix path traversal security vulnerability by canonicalizing path names of every inodes and discarding inodes with a path pointing outside of the extraction directory.	Fix path traversal security vulnerability by canonicalizing path names of every inodes and discarding inodes with a path pointing outside of the extraction directory.	Fix path traversal security vulnerability by canonicalizing path names of every inodes and discarding inodes with a path pointing outside of the extraction directory.
source_cve	CVE-2022-4885	CVE-2022-4885	CVE-2022-4885
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (01/11/2023)	1673391600 (01/11/2023)	1673391600 (01/11/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.1	5.1	5.1
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	5.0	5.0	5.0
cvss3_vuldb_tempscore	4.8	4.8	4.8
cvss3_meta_basescore	5.0	5.0	5.8
cvss3_meta_tempscore	4.8	4.8	5.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (01/11/2023)	1673391600 (01/11/2023)
cve_nvd_summary		A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020.	A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			H
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			H
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.1
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			5.0

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!