exploitDog

CVE-2022-41945

Опубликовано: 21 нояб. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

EPSS Низкий

Описание

super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.

Ссылки

https://github.com/4ra1n/super-xray/releases/tag/0.2-beta
Release Notes
Third Party Advisory
https://github.com/4ra1n/super-xray/security/advisories/GHSA-732j-763p-cvqg
Exploit
Third Party Advisory
https://github.com/4ra1n/super-xray/releases/tag/0.2-beta
Release Notes
Third Party Advisory
https://github.com/4ra1n/super-xray/security/advisories/GHSA-732j-763p-cvqg
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:super-xray_project:super-xray:0.1:beta:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00535

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-94

NVD-CWE-Other

EPSS

Процентиль: 67%

0.00535

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-94

NVD-CWE-Other