exploitDog

CVE-2021-38384

Опубликовано: 10 авг. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

Ссылки

https://github.com/dherault/serverless-offline/issues/1259
Exploit
Third Party Advisory
https://github.com/dherault/serverless-offline/issues/1259
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:serverless_offline_project:serverless_offline:8.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-755

Связанные уязвимости

GHSA-h97f-5258-5593

CVSS3: 9.8

github

больше 4 лет назад

Incorrect Authorization in serverless-offline

EPSS

Процентиль: 55%

0.00328

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-755