{"vulnerability": "cve-2022-2585", "sightings": [{"uuid": "6579baef-62d5-40b2-8126-34f9e455f3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25853", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25853\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.\n\ud83d\udccf Published: 2023-02-06T05:00:01.967Z\n\ud83d\udccf Modified: 2025-03-25T18:10:39.844Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SEMVERTAGS-3175612\n2. https://github.com/jtrussell/semver-tags/blob/db1ba680bafed0d51e1bb36bd38f2c5439fe8b00/lib/get-tags.js%23L21", "creation_timestamp": "2025-03-25T18:25:23.000000Z"}, {"uuid": "de7a0429-9120-41cb-bd2e-107a333503b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2585", "type": "seen", "source": "https://t.me/arpsyndicate/2760", "content": "#ExploitObserverAlert\n\nCVE-2022-2585\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-2585.", "creation_timestamp": "2024-01-09T18:41:53.000000Z"}, {"uuid": "524f23dc-8edc-4243-9c26-bf128811c37f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2585", "type": "seen", "source": "https://t.me/ctinow/173466", "content": "https://ift.tt/qY48Nm1\nCVE-2022-2585 | Linux Kernel prior 6.0-rc1 Non-Leader Thread use after free (USN-5566-1)", "creation_timestamp": "2024-01-25T14:41:55.000000Z"}, {"uuid": "b0889978-099a-4382-9149-609aacbff831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2585", "type": "seen", "source": "https://t.me/ctinow/164573", "content": "https://ift.tt/DZ6GSRd\nCVE-2022-2585", "creation_timestamp": "2024-01-08T19:26:18.000000Z"}, {"uuid": "fa923b9f-17c8-480e-b124-8f6ebd163732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25855", "type": "seen", "source": "https://t.me/cibsecurity/57538", "content": "\u203c CVE-2022-25855 \u203c\n\nAll versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T07:22:49.000000Z"}, {"uuid": "a3c3d849-40bc-461c-875a-a37a1dc77603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25853", "type": "seen", "source": "https://t.me/cibsecurity/57536", "content": "\u203c CVE-2022-25853 \u203c\n\nAll versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T07:22:48.000000Z"}, {"uuid": "464c5776-4538-46fc-8533-fcc35a9d5a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25857", "type": "seen", "source": "https://t.me/cibsecurity/49041", "content": "\u203c CVE-2022-25857 \u203c\n\nThe package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-30T12:35:34.000000Z"}, {"uuid": "42852666-c1cb-4a23-a784-6df048cd2252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25856", "type": "seen", "source": "https://t.me/cibsecurity/44758", "content": "\u203c CVE-2022-25856 \u203c\n\nThe package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ...\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-18T00:23:10.000000Z"}, {"uuid": "6fa76fdc-bae8-4f98-8306-e399a3de89d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25852", "type": "seen", "source": "https://t.me/cibsecurity/44764", "content": "\u203c CVE-2022-25852 \u203c\n\nAll versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-18T00:23:19.000000Z"}, {"uuid": "f5fef50c-5765-4eef-80ca-f7fc00be2589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25858", "type": "seen", "source": "https://t.me/cibsecurity/46372", "content": "\u203c CVE-2022-25858 \u203c\n\nThe package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-16T00:20:37.000000Z"}, {"uuid": "714970ca-443c-429f-b93e-875426548495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25851", "type": "seen", "source": "https://t.me/cibsecurity/44226", "content": "\u203c CVE-2022-25851 \u203c\n\nThe package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-10T17:30:55.000000Z"}, {"uuid": "70b4f6df-9c1b-462f-bbbf-2d9aaf1bc8ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25854", "type": "seen", "source": "https://t.me/cibsecurity/41684", "content": "\u203c CVE-2022-25854 \u203c\n\nThis affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-30T00:25:20.000000Z"}]}