CVE-2022-24717

Опубликовано: 01 мар. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time, there is a patch in version 0.1.5.

Ссылки

https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/2
Issue Tracking
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/2
Issue Tracking
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:finastra:ssr-pages:*:*:*:*:*:node.js:*:*

Версия до 0.1.5 (исключая)

EPSS

Процентиль: 54%

0.00308

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7f63-h6g3-7cwm