exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-24803

почти 4 года назад

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.

CVSS3: 10

EPSS: Низкий

CVE-2022-24803

почти 4 года назад

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.

CVSS3: 10

EPSS: Низкий

CVE-2022-24803

почти 4 года назад

Asciidoctor-include-ext is Asciidoctor\u2019s standard include process ...

CVSS3: 10

EPSS: Низкий

GHSA-v222-6mr4-qj29

почти 4 года назад

Command Injection vulnerability in asciidoctor-include-ext

CVSS3: 10

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-24803 Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.	CVSS3: 10	1% Низкий	почти 4 года назад
CVE-2022-24803 Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.	CVSS3: 10	1% Низкий	почти 4 года назад
CVE-2022-24803 Asciidoctor-include-ext is Asciidoctor\u2019s standard include process ...	CVSS3: 10	1% Низкий	почти 4 года назад
GHSA-v222-6mr4-qj29 Command Injection vulnerability in asciidoctor-include-ext	CVSS3: 10	1% Низкий	почти 4 года назад

Уязвимостей на страницу