Описание
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.
Ссылки
- Product
- ExploitIssue Tracking
- ExploitIssue TrackingVendor Advisory
- Product
- ExploitIssue Tracking
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.0.8 (исключая)
cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00306
Низкий
7.5 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.5
github
около 2 лет назад
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.
EPSS
Процентиль: 53%
0.00306
Низкий
7.5 High
CVSS3
Дефекты
CWE-89