{"vulnerability": "cve-2022-4192", "sightings": [{"uuid": "976d1ab7-16c6-42f7-96bc-06efd1477177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41922", "type": "seen", "source": "https://t.me/arpsyndicate/2853", "content": "#ExploitObserverAlert\n\nCVE-2022-41922\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-41922. `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.\n\nFIRST-EPSS: 0.003850000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T13:25:31.000000Z"}, {"uuid": "88783674-3697-435d-b26e-87c5daf95b09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41923", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1498", "content": "#exploit\n1. Workaround for CVE-2022-41923: Privilege Management Vulnerability\nhttps://github.com/grails/GSSC-CVE-2022-41923\n\n2. CVE-2022-32060:\nSnipe-IT v.6.0.2 - arbitrary file upload\nhttps://github.com/bypazs/CVE-2022-32060\n\n3. 
CVE-2022-45472:\nDOM Based XSS\nhttps://github.com/nicbrinkley/CVE-2022-45472", "creation_timestamp": "2022-11-26T15:13:50.000000Z"}, {"uuid": "a8ea2975-e801-409d-a296-da76c01f3945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41924", "type": "seen", "source": "https://t.me/proxy_bar/1185", "content": "CVE-2022-41924 \nRCE in Tailscale (vpn service)\n\u0437\u0430\u043d\u044f\u0442\u043d\u044b\u0439 research\n\n#vpn #rce #research", "creation_timestamp": "2022-11-22T13:58:49.000000Z"}, {"uuid": "c3ef3a3d-233c-456d-9f1d-f4bd1bbc05e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41924", "type": "published-proof-of-concept", "source": "Telegram/mfbSTcKLWZr4Y-S2lSdOO9K8BYvk0iig8C2h1gFYUYYuZOA", "content": "", "creation_timestamp": "2022-12-05T21:06:14.000000Z"}, {"uuid": "d95745b8-14c2-4ecc-bc53-fbc9aba681b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41922", "type": "seen", "source": "https://t.me/cibsecurity/53441", "content": "\u203c CVE-2022-41922 \u203c\n\n`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:13:54.000000Z"}, {"uuid": "75ab6a8f-0b09-4fab-907c-729e88b0d9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41920", "type": "seen", "source": "https://t.me/cibsecurity/53079", "content": "\u203c CVE-2022-41920 \u203c\n\nLancet is a general utility library for the go programming language. 
Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:18:01.000000Z"}, {"uuid": "d507404d-de87-4a13-ba46-1945fcc2000a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41921", "type": "seen", "source": "https://t.me/cibsecurity/53583", "content": "\u203c CVE-2022-41921 \u203c\n\nDiscourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-28T18:28:03.000000Z"}, {"uuid": "c08967ef-73a5-4bad-a8d3-f38ae348b66a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41923", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7167", "content": "Improper Privilege Management in Grails\nSpring Security Core <= 5.1.0\nCVE-2022-41923\n\nhttps://www.synacktiv.com/sites/default/files/2023-03/Synacktiv-Grails-Spring-Security-CVE-2022-41923.pdf", "creation_timestamp": "2023-03-28T16:25:13.000000Z"}, {"uuid": "4a694e42-5e94-45bf-8acc-979aeb20ab0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41924", "type": "published-proof-of-concept", "source": 
"https://t.me/thebugbountyhunter/6745", "content": "CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You\nhttps://emily.id.au/tailscale", "creation_timestamp": "2022-11-28T21:02:04.000000Z"}, {"uuid": "9a1d4eee-ee64-4a95-896e-e7ab6c83e6af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41923", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7234", "content": "#exploit\n1. Workaround for CVE-2022-41923: Privilege Management Vulnerability\nhttps://github.com/grails/GSSC-CVE-2022-41923\n\n2. CVE-2022-32060:\nSnipe-IT v.6.0.2 - arbitrary file upload\nhttps://github.com/bypazs/CVE-2022-32060\n\n3. CVE-2022-45472:\nDOM Based XSS\nhttps://github.com/nicbrinkley/CVE-2022-45472", "creation_timestamp": "2022-11-24T15:40:59.000000Z"}]}