exploitDog

CVE-2017-20166

Опубликовано: 10 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

Ссылки

https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
Third Party Advisory
https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
Patch
Third Party Advisory
https://github.com/elixir-ecto/ecto/pull/2125
Exploit
Third Party Advisory
https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU
https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
Third Party Advisory
https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
Patch
Third Party Advisory
https://github.com/elixir-ecto/ecto/pull/2125
Exploit
Third Party Advisory
https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ecto_project:ecto:2.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00601

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

CWE-754

Связанные уязвимости

GHSA-2xxx-fhc8-9qvq

CVSS3: 9.8

github

почти 4 года назад

Ecto missing `is_nil` requirement

EPSS

Процентиль: 69%

0.00601

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

CWE-754