CVE-2022-24718

Опубликовано: 01 мар. 2022

Источник: nvd

CVSS3: 7.6

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time, there is a patch in version 0.1.4.

Ссылки

https://github.com/Finastra/ssr-pages/pull/1
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/1
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
Patch
Third Party Advisory
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:finastra:ssr-pages:*:*:*:*:*:node.js:*:*

Версия до 0.1.4 (исключая)

EPSS

Процентиль: 68%

0.00582

Низкий

7.6 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-w6cx-qg2q-rvq8

CVSS3: 7.6

github

почти 4 года назад

Path Traversal in @finastra/ssr-pages

EPSS

Процентиль: 68%

0.00582

Низкий

7.6 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22