Описание
Raneto Denial of Service via crafted payload injected into Search parameter
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-35142
- https://github.com/ryanlelek/Raneto/issues/368
- https://github.com/ryanlelek/Raneto/pull/370
- https://cwe.mitre.org/data/definitions/703.html
- https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144
- https://github.com/gilbitron/Raneto/releases
- https://github.com/ryanlelek/Raneto/releases/tag/0.17.1
- http://raneto.com
Пакеты
Наименование
raneto
npm
Затронутые версииВерсия исправления
<= 0.17.0
0.17.1
Связанные уязвимости
CVSS3: 7.5
nvd
около 3 лет назад
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.