ghsa-qq29-5vjh-vxwr
Vulnerability from github
Published
2022-09-27 00:00
Modified
2022-09-30 04:44
Severity
Low (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)
Summary
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Details
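rdiffweb versions prior to 2.4.8 are vulnerable to Improper Cleanup on Thrown Exception (CWE-460). This could allow an attacker to display a message of their choice on a web page. Per the CVSS vector, exploitation is over the network but requires high privileges and user interaction, and the impact is limited to low integrity loss, with no confidentiality or availability impact. Version 2.4.8 contains a fix for this issue; affected deployments should upgrade to 2.4.8 or later.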
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "rdiffweb" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.4.8" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-3301" ], "database_specific": { "cwe_ids": [ "CWE-460" ], "github_reviewed": true, "github_reviewed_at": "2022-09-30T04:44:55Z", "nvd_published_at": "2022-09-26T11:15:00Z", "severity": "LOW" }, "details": "rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on Thrown Exception. This could allow an attacker to display a message of their choice onto a web page. Version 2.4.8 contains a fix for this issue.", "id": "GHSA-qq29-5vjh-vxwr", "modified": "2022-09-30T04:44:55Z", "published": "2022-09-27T00:00:22Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3301" }, { "type": "WEB", "url": "https://github.com/ikus060/rdiffweb/commit/5ac38b2a75becbab9f948bd5e37ecbcd9f0b362e" }, { "type": "PACKAGE", "url": "https://github.com/ikus060/rdiffweb" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-295.yaml" }, { "type": "WEB", "url": "https://huntr.dev/bounties/d3bf1e5d-055a-44b8-8d60-54ab966ed63a" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ], "summary": "rdiffweb vulnerable to Improper Cleanup on Thrown Exception" }