CVE-2022-41905

Опубликовано: 11 нояб. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 6.1

EPSS Низкий

Описание

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dir_browser.enable = False in the configuration.

Ссылки

https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726
Patch
Third Party Advisory
https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv
Mitigation
Third Party Advisory
https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726
Patch
Third Party Advisory
https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wsgidav_project:wsgidav:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 4.1.0 (исключая)

EPSS

Процентиль: 28%

0.001

Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-xx6g-jj35-pxjv

CVSS3: 8.2

github

почти 3 года назад

Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled

EPSS

Процентиль: 28%

0.001

Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79