Open TheKingTermux opened 2 years ago
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
7.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weaknesses CWE-639
CVE ID CVE-2022-0624
GHSA ID GHSA-3j8f-xvm3-ffx4
Package parse-path (npm)
Affected versions < 5.0.0
Patched versions 5.0.0
https://nvd.nist.gov/vuln/detail/CVE-2022-0624
IonicaBizau/parse-path@f9ad885
https://huntr.dev/bounties/afffb2bd-fb06-4144-829e-ecbbcbc85388
Stale issue message
P
Isu ini sudah tidak ada perkembangan
Description
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
Severity Check
Severity Number
7.3
CVSS base metrics
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weaknesses CWE-639
CVE ID CVE-2022-0624
GHSA ID GHSA-3j8f-xvm3-ffx4
Information
Package parse-path (npm)
Affected versions < 5.0.0
Patched versions 5.0.0
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0624
IonicaBizau/parse-path@f9ad885
https://huntr.dev/bounties/afffb2bd-fb06-4144-829e-ecbbcbc85388