{"vulnerability": "cve-2022-2364", "sightings": [{"uuid": "fcf1f073-06f3-4d97-af9e-2bb3089ef97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "4203c863-8b8c-4f7d-87d8-eebb9f2930cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"}, {"uuid": "fbb72757-232c-47f1-ac05-629fda375585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"}, {"uuid": "8311c476-fd8f-4ee4-8cb9-9341cda670eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb", "content": "", "creation_timestamp": "2022-07-13T14:37:15.000000Z"}, {"uuid": "5d640bb4-5741-4c32-9fad-53b81ff051bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1719", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPOC for CVE-2022-23648\nURL\uff1ahttps://github.com/raesene/CVE-2022-23648-POC\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-25T19:47:54.000000Z"}, {"uuid": "90ad7ce9-c6d5-4719-98e9-63860f92c678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23640", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23640\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.\n\ud83d\udccf Published: 2022-03-02T19:50:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:25.932Z\n\ud83d\udd17 References:\n1. https://github.com/monitorjbl/excel-streaming-reader/security/advisories/GHSA-xvm2-9xvc-hx7f\n2. https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73", "creation_timestamp": "2025-04-23T19:05:13.000000Z"}, {"uuid": "1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "Telegram/Ip3Gh0poW8tdMG07iwidHvLEgfZ4cxE7wfqyPu63vqdGfw", "content": "", "creation_timestamp": "2022-06-13T03:23:07.000000Z"}, {"uuid": "faba4eba-2529-4542-b86a-4ced242d31ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/218", "content": "CVE-2022-23642 : Sourcegraph Gitserver < 3.37 RCE\nhttps://github.com/Altelus1/CVE-2022-23642", "creation_timestamp": "2022-06-12T23:09:17.000000Z"}, {"uuid": "112a7c36-bad9-4953-a5c2-2e49b24449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/685", "content": "\u200bCVE-2022-23642\n\nPoC for Sourcegraph Gitserver 3.37.0 RCE\n\nSourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus \"core.sshCommand\" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.\n\nhttps://github.com/Altelus1/CVE-2022-23642\n\nResearch:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642\n\n#exploit #cve", "creation_timestamp": "2022-06-13T03:16:30.000000Z"}, {"uuid": "32828b92-a15e-4f19-8ca9-20f22f80a702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2364", "type": "seen", "source": "https://t.me/cibsecurity/46072", "content": "\u203c CVE-2022-2364 \u203c\n\nA vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input \">alert(\"XSS\") leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T21:51:46.000000Z"}, {"uuid": "0f9c1206-1f91-43cd-8635-0723efc797c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23640", "type": "seen", "source": "https://t.me/cibsecurity/38321", "content": "\u203c CVE-2022-23640 \u203c\n\nExcel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T22:25:16.000000Z"}, {"uuid": "b2c7ed35-6ef4-4a83-be7b-b118cc734151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://t.me/cibsecurity/38353", "content": "\u203c CVE-2022-23648 \u203c\n\ncontainerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-03T16:26:05.000000Z"}, {"uuid": "9cbd8068-addf-46e7-bda9-b0a9a9b41d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23644", "type": "seen", "source": "https://t.me/cibsecurity/37625", "content": "\u203c CVE-2022-23644 \u203c\n\nBookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T22:36:30.000000Z"}, {"uuid": "7e8165de-f7d0-4cfb-a000-b147ada2bc68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23646", "type": "seen", "source": "https://t.me/cibsecurity/37683", "content": "\u203c CVE-2022-23646 \u203c\n\nNext.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T00:37:39.000000Z"}, {"uuid": "40bd9bc7-861d-433a-9514-d58be05fe37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23641", "type": "seen", "source": "https://t.me/cibsecurity/37546", "content": "\u203c CVE-2022-23641 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T00:35:57.000000Z"}, {"uuid": "bc9bdfaf-c0b0-48fc-8337-0c336f54289a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23643", "type": "seen", "source": "https://t.me/cibsecurity/37545", "content": "\u203c CVE-2022-23643 \u203c\n\nSourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects only the Code Monitoring feature, whereas CVE-2021-43823 also affected saved searches. A successful attack would require an authenticated bad actor to create many Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in versions 3.35.2 and 3.36.3 of Sourcegraph. Those who are unable to upgrade may disable the Code Monitor feature in their installation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T00:35:56.000000Z"}, {"uuid": "2529c501-78b5-4ba1-93e5-2238373ba855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23649", "type": "seen", "source": "https://t.me/cibsecurity/37797", "content": "\u203c CVE-2022-23649 \u203c\n\nCosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and \"keyless signing\" with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn't. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don't match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:39.000000Z"}, {"uuid": "9cf3019d-617a-4b04-b2b5-b528b56d82a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23645", "type": "seen", "source": "https://t.me/cibsecurity/37800", "content": "\u203c CVE-2022-23645 \u203c\n\nswtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:47.000000Z"}, {"uuid": "1ac71446-d371-4933-9ea9-11d94b42d8f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23647", "type": "seen", "source": "https://t.me/cibsecurity/37707", "content": "\u203c CVE-2022-23647 \u203c\n\nPrism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T18:38:13.000000Z"}, {"uuid": "bf784d0b-98e0-4244-bee3-c25489578a59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "https://t.me/cibsecurity/37810", "content": "\u203c CVE-2022-23642 \u203c\n\nSourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T02:38:45.000000Z"}, {"uuid": "85d3db2d-8e85-438f-b86a-8fdd81f071ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1829", "content": "#exploit\n1. CVE-2022-23648:\ncontainerd: Insecure handling of image volumes\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2244\n\n2. Exploit tool for CVE-2021-43008\nAdminer 1.0 - 4.6.2 Arbitrary File Read vulnerability\nhttps://github.com/p0dalirius/CVE-2021-43008-AdminerRead\n\n@BlueRedTeam", "creation_timestamp": "2022-03-24T09:55:10.000000Z"}, {"uuid": "d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5664", "content": "#exploit\n1. CVE-2022-23648:\ncontainerd: Insecure handling of image volumes\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2244\n\n2. Exploit tool for CVE-2021-43008\nAdminer 1.0 - 4.6.2 Arbitrary File Read vulnerability\nhttps://github.com/p0dalirius/CVE-2021-43008-AdminerRead", "creation_timestamp": "2024-12-19T15:32:08.000000Z"}, {"uuid": "f7944e9f-0e66-44b2-8ca3-0cd3be3d0d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6186", "content": "#exploit\n1. CVE-2022-23642:\nPoC for Sourcegraph Gitserver < 3.37 RCE\nhttps://github.com/Altelus1/CVE-2022-23642\n\n2. CVE-2022-24806/CVE-2022-24807:\nUnauthenticated RCE vulnerability in Magento and Adobe Commerce\nhttps://github.com/oturu/CVE-2022-24806-MASS-RCE", "creation_timestamp": "2022-06-12T13:48:14.000000Z"}]}