Description
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 0.1.0 (excluding)
cpe:2.3:a:csaf-validator-lib_project:csaf-validator-lib:*:*:*:*:*:*:*:*
EPSS: 0.00285 (Low)
Percentile: 51%
CVSS3: 7.5 High
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 5.3
github
almost 3 years ago
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a DoS of the process answering the current request while having no effect on other requests.