GHSA-p757-4v3p-j74f

Опубликовано: 09 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Known vulnerable to account takeover via host header injection attack in v1.3.1

Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack.

The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev branch of the idno/known repository.

Ссылки

Пакеты

Наименование

idno/known

composer

Затронутые версииВерсия исправления

<= 1.3.1

Отсутствует

EPSS

Процентиль: 65%

0.00496

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-33011

Дефекты

CWE-74

Связанные уязвимости

CVE-2022-33011

CVSS3: 8.8

nvd

больше 3 лет назад

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.

EPSS

Процентиль: 65%

0.00496

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-33011

Дефекты

CWE-74