exploitDog

CVE-2022-39824

Опубликовано: 05 сент. 2022

Источник: nvd

CVSS3: 8.9

EPSS Низкий

Описание

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.

Ссылки

https://github.com/FCncdn/Appsmith-Js-Injection-POC
Exploit
Third Party Advisory
https://github.com/appsmithorg/appsmith/releases
Release Notes
Third Party Advisory
https://github.com/FCncdn/Appsmith-Js-Injection-POC
Exploit
Third Party Advisory
https://github.com/appsmithorg/appsmith/releases
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*

Версия до 1.7.14 (включая)

EPSS

Процентиль: 72%

0.007

Низкий

8.9 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-grcg-mvxj-m89r

CVSS3: 8.9

github

больше 3 лет назад

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.

EPSS

Процентиль: 72%

0.007

Низкий

8.9 High

CVSS3

Дефекты

CWE-79