CVE-2022-25881

Опубликовано: 31 янв. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Ссылки

https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
Broken Link
https://security.netapp.com/advisory/ntap-20230622-0008/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
Exploit
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
Exploit
Third Party Advisory
https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
Broken Link
https://security.netapp.com/advisory/ntap-20230622-0008/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
Exploit
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:*:*:*:*:*:node.js:*:*

Версия до 4.1.1 (исключая)

EPSS

Процентиль: 39%

0.00169

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333

Связанные уязвимости

CVE-2022-25881

CVSS3: 7.5

redhat

почти 3 года назад

CVE-2022-25881

CVSS3: 7.5

msrc

почти 3 года назад

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server when that server reads the cache policy from the request using this library.

SUSE-SU-2023:1942-1

suse-cvrf

больше 2 лет назад

Security update for nodejs16

SUSE-SU-2023:1924-1

suse-cvrf

больше 2 лет назад

Security update for nodejs16

SUSE-SU-2023:1923-1

suse-cvrf

больше 2 лет назад

Security update for nodejs16

EPSS

Процентиль: 39%

0.00169

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333