exploitDog

CVE-2022-35142

Опубликовано: 04 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.

Ссылки

http://raneto.com/
Product
https://cwe.mitre.org/data/definitions/703.html
Third Party Advisory
https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
Exploit
Patch
Third Party Advisory
https://github.com/gilbitron/Raneto/releases
Third Party Advisory
http://raneto.com/
Product
https://cwe.mitre.org/data/definitions/703.html
Third Party Advisory
https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
Exploit
Patch
Third Party Advisory
https://github.com/gilbitron/Raneto/releases
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raneto_project:raneto:*:*:*:*:*:node.js:*:*

Версия до 0.17.1 (исключая)

EPSS

Процентиль: 65%

0.00491

Низкий

7.5 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-xxc2-j7jj-6g5m

CVSS3: 7.5

github

около 3 лет назад

Raneto Denial of Service via crafted payload injected into `Search` parameter

EPSS

Процентиль: 65%

0.00491

Низкий

7.5 High

CVSS3

Дефекты

CWE-287