DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2022-34296", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-34296", "description": "In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.", "published": "2022-06-23T17:15:00", "modified": "2022-07-06T16:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34296", "reporter": "cve@mitre.org", "references": ["https://github.com/zalando/skipper/releases/tag/v0.13.218"], "cvelist": ["CVE-2022-34296"], "immutableFields": [], "lastseen": "2022-07-06T18:35:43", "viewCount": 14, "enchantments": {"twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/vulnonym/status/1540073199123193860", "text": "I declare CVE-2022-34296 to be named Reflective Kou\nhttps://t.co/Fjfz1Zgwoj", "author": "vulnonym", "author_photo": "https://pbs.twimg.com/profile_images/1235605772878438405/6p9IJVtn_400x400.jpg"}, {"link": "https://twitter.com/www_sesin_at/status/1546001308208988161", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2022-34296 (skipper)) has been published on https://t.co/OwwMXIlgBU", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1546001307105984514", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2022-34296 (skipper)) has been published on https://t.co/bxwZ7AEQLW", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}]}, "score": {"value": 2.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "github", "idList": ["GHSA-QX2J-85Q5-FFP8"]}, {"type": "osv", "idList": ["OSV:GHSA-QX2J-85Q5-FFP8"]}, {"type": "veracode", "idList": ["VERACODE:36105"]}]}, "vulnersScore": 2.6}, "_state": {"twitter": 1657439103, "score": 1660017089, "dependencies": 1660016763}, "_internal": {"score_hash": "f88b36738379badeea808c2349846bce"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-863"], "affectedSoftware": [{"cpeName": "zalando:skipper", "version": "0.13.218", "operator": "lt", "name": "zalando skipper"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:zalando:skipper:0.13.218:*:*:*:*:*:*:*", "versionEndExcluding": "0.13.218", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/zalando/skipper/releases/tag/v0.13.218", "name": "https://github.com/zalando/skipper/releases/tag/v0.13.218", "refsource": "MISC", "tags": ["Exploit", "Patch", "Release Notes", "Third Party Advisory"]}]}

{"github": [{"lastseen": "2022-07-07T17:23:13", "description": "In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-24T00:00:32", "type": "github", "title": "Query predicate bypass in Zalando Skipper", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34296"], "modified": "2022-07-07T17:14:28", "id": "GHSA-QX2J-85Q5-FFP8", "href": "https://github.com/advisories/GHSA-qx2j-85q5-ffp8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-07-11T20:14:51", "description": "In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-24T00:00:32", "type": "osv", "title": "Query predicate bypass in Zalando Skipper", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34296"], "modified": "2022-07-07T17:14:28", "id": "OSV:GHSA-QX2J-85Q5-FFP8", "href": "https://osv.dev/vulnerability/GHSA-qx2j-85q5-ffp8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-08T02:03:44", "description": "github.com/zalando/skipper is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to bypass a query predicate via a maliciously crafted request. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-24T03:21:16", "type": "veracode", "title": "Cross-site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34296"], "modified": "2022-07-06T18:45:36", "id": "VERACODE:36105", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36105/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}