CVE-2022-41777

2022-12-0504:15:09

[email protected]

web.nvd.nist.gov

cve-2022-41777

nako3edit

nadesiko3

vulnerability

remote code injection

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

Affected configurations

NVD

Node

kujirahandnadesiko3Range≤3.3.74

CPENameOperatorVersion
kujirahand:nadesiko3kujirahand nadesiko3le3.3.74

CPE	Name	Operator	Version
kujirahand:nadesiko3	kujirahand nadesiko3	le	3.3.74

CNA Affected

[
  {
    "vendor": "kujirahand",
    "product": "Nako3edit, editor component of nadesiko3 (PC Version)",
    "versions": [
      {
        "version": "v3.3.74 and earlier",
        "status": "affected"
      }
    ]
  }
]