Open mend-bolt-for-github[bot] opened 1 year ago
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.
CVE-2022-40899 - High Severity Vulnerability
Vulnerable Library - future-0.16.0.tar.gz
Clean single-source support for Python 3 and 2
Library home page: https://files.pythonhosted.org/packages/00/2b/8d082ddfed935f3608cc61140df6dcbf0edea1bc3ab52fb6c29ae3e81e85/future-0.16.0.tar.gz
Path to dependency file: /rekall-core
Path to vulnerable library: /rekall-core,/rekall-gui,/src,/rekall-agent,/tmp/ws-scm/win10_rekall
Dependency Hierarchy: - :x: **future-0.16.0.tar.gz** (Vulnerable Library)
Found in base branch: win10_compressed_memory
Vulnerability Details
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
Publish Date: 2022-12-22
URL: CVE-2022-40899
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here