exploitDog

CVE-2022-39303

Опубликовано: 13 окт. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.

Ссылки

https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7.
Release Notes
Third Party Advisory
https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8
Patch
Third Party Advisory
https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7.
Release Notes
Third Party Advisory
https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ree6:ree6:*:*:*:*:*:*:*:*

Версия до 1.7.0 (исключая)

EPSS

Процентиль: 54%

0.00316

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89

EPSS

Процентиль: 54%

0.00316

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89