Published: 09 Sep 2022
Source: github
Github: Reviewed
CVSS4: 9.3
CVSS3: 8.8
Description
rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-3167
- https://github.com/ikus060/rdiffweb/commit/7294bb7466532762c93d711211e5958940c1b428
- https://github.com/advisories/GHSA-m379-x4xc-38x9
- https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-268.yaml
- https://huntr.dev/bounties/e5c2625b-34cc-4805-8223-80f2689e4e5c
Packages
Name: rdiffweb (pip)
Affected versions: < 2.4.1
Fixed version: 2.4.1
Related vulnerabilities
CVSS3: 8.8
nvd
more than 3 years ago
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.
CVSS3: 8.8
debian
more than 3 years ago
Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...