Lucene search

[email protected]CVE-2017-20166

HistoryJan 10, 2023 - 6:15 a.m.

CVE-2017-20166

2023-01-1006:15:09

[email protected]

web.nvd.nist.gov

cve-2017-20166

ecto

security

protection mechanism

is_nil

raise

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

Affected configurations

NVD

Node

ecto_projectectoMatch2.2.0

CPENameOperatorVersion
ecto_project:ectoecto project ectoeq2.2.0

CPE	Name	Operator	Version
ecto_project:ecto	ecto project ecto	eq	2.2.0

References

github.com/advisories/GHSA-2xxx-fhc8-9qvq

github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250

github.com/elixir-ecto/ecto/pull/2125

groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for CVE-2017-20166

osv3 nvd1 github1 prion1 cvelist1