CVE-2022-23553

Опубликовано: 28 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.

Ссылки

https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121
Third Party Advisory
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/
Third Party Advisory
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121
Third Party Advisory
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alpine_project:alpine:*:*:*:*:*:*:*:*

Версия до 1.10.4 (исключая)

EPSS

Процентиль: 47%

0.00237

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

NVD-CWE-Other

Связанные уязвимости

GHSA-2w4p-2hf7-gh8x