exploitDog

CVE-2022-25921

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.

Ссылки

https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46
Broken Link
https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
Exploit
Third Party Advisory
https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46
Broken Link
https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:morgan-json_project:morgan-json:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 75%

0.00894

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fwv4-6mxc-x5h3

CVSS3: 9.8

github

больше 3 лет назад

morgan-json vulnerable to Arbitrary Code Execution

EPSS

Процентиль: 75%

0.00894

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other