GHSA-8v4w-jr33-4rh3

Опубликовано: 30 нояб. 2023

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Apache Cocoon SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.cocoon:cocoon

maven

Затронутые версииВерсия исправления

>= 2.2.0, < 2.3.0

2.3.0

EPSS

Процентиль: 81%

0.0148

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-45135

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-45135

CVSS3: 9.8

nvd

около 2 лет назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

EPSS

Процентиль: 81%

0.0148

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-45135

Дефекты

CWE-89