Описание
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 5.0 on Red Hat Enterprise Linux | rh-dotnet50-dotnet | Out of support scope | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-rhel8 | Will not fix | ||
| Red Hat Enterprise Linux 8 | dotnet5.0 | Will not fix | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | ||
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHBA-2022:1352 | 13.04.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-grafana-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-operator-bundle-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | application-ui-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | assisted-image-service-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-178->CWE-639
https://bugzilla.redhat.com/show_bug.cgi?id=2055496urijs: Authorization Bypass Through User-Controlled Key
EPSS
Процентиль: 31%
0.00119
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
ubuntu
почти 4 года назад
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS3: 6.5
nvd
почти 4 года назад
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS3: 6.5
debian
почти 4 года назад
Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...
CVSS3: 6.5
github
почти 4 года назад
Authorization Bypass Through User-Controlled Key in urijs
EPSS
Процентиль: 31%
0.00119
Низкий
6.5 Medium
CVSS3