GHSA-rhg5-fqr3-hrf5

Опубликовано: 10 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Injection in DeltaSpike

we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2019-12416
https://lists.apache.org/thread.html/r848d7d4c0bf637da55f01103eb8ba0fce344c295fda53264cbaa1568@%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r8f327712b2b07f867fde1e77cbafcf8cc6a3facaa693ffdd2c3285e3%40%3Cdev.deltaspike.apache.org%3E

Пакеты

Наименование

org.apache.deltaspike:deltaspike

maven

Затронутые версииВерсия исправления

<= 1.9.3

1.9.4

EPSS

Процентиль: 75%

0.00859

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-12416

Дефекты

CWE-74

Связанные уязвимости

CVE-2019-12416

CVSS3: 6.1

nvd

почти 6 лет назад

we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.

EPSS

Процентиль: 75%

0.00859

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-12416

Дефекты

CWE-74