idmarinas / lotgd-game

The IDMarinas Edition is based on version 1.1.2 Dragonprime by the Dragonprime Development Team (Dragonprime) and has code by Oliver Brendel (NB Core).
https://lotgd.infommo.es

CVE-2022-0442 (Medium) detected in rector/rector-0.11.60 - autoclosed #1268

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 2 years ago

CVE-2022-0442 - Medium Severity Vulnerability

Vulnerable Library - rector/rector-0.11.60

Prefixed and PHP 7.1 downgraded version of rector/rector

Library home page: https://api.github.com/repos/rectorphp/rector/zipball/428f593818f8c50fe12c543e8c0a107f9bd899ae

Dependency Hierarchy:
- :x: **rector/rector-0.11.60** (Vulnerable Library)

Found in HEAD commit: 169b3be90266eea12d7449a1f13399a7dd51f6a0

Found in base branch: migration

Vulnerability Details

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar.

Publish Date: 2022-03-07

URL: CVE-2022-0442

CVSS 3 Score Details (4.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692

Release Date: 2022-03-07

Fix Resolution: 1.2.3.1


mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.