CVE-2022-0355

Опубликовано: 26 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.

Ссылки

https://github.com/advisories/GHSA-wpg7-2c88-r8xv
Third Party Advisory
https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f
Patch
Third Party Advisory
https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31
Exploit
Third Party Advisory
https://github.com/advisories/GHSA-wpg7-2c88-r8xv
Third Party Advisory
https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f
Patch
Third Party Advisory
https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:simple-get_project:simple-get:*:*:*:*:*:node.js:*:*

Версия до 2.8.2 (исключая)

cpe:2.3:a:simple-get_project:simple-get:*:*:*:*:*:node.js:*:*

Версия от 3.0.0 (включая) до 3.1.1 (исключая)

cpe:2.3:a:simple-get_project:simple-get:4.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 64%

0.0046

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-212

Связанные уязвимости

CVE-2022-0355

CVSS3: 7.5

redhat

около 4 лет назад

Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.

GHSA-wpg7-2c88-r8xv

CVSS3: 7.5

github

около 4 лет назад

Exposure of Sensitive Information in simple-get

EPSS

Процентиль: 64%

0.0046

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-212