CVE-2023-50694

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.

Ссылки

https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8
Third Party Advisory
https://github.com/dom96/httpbeast/issues/95
Exploit
Issue Tracking
https://github.com/dom96/httpbeast/pull/96
Issue Tracking
Patch
https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8
Third Party Advisory
https://github.com/dom96/httpbeast/issues/95
Exploit
Issue Tracking
https://github.com/dom96/httpbeast/pull/96
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dom96:httpbeast:*:*:*:*:*:*:*:*

Версия до 0.4.1 (включая)

EPSS

Процентиль: 85%

0.02418

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20

Связанные уязвимости

GHSA-ww2r-9459-jw7x