Lucene search

@huntrdevCVELIST:CVE-2022-1813

HistoryMay 22, 2022 - 4:10 p.m.

CVE-2022-1813 OS Command Injection in yogeshojha/rengine

2022-05-2216:10:09

CWE-78

@huntrdev

www.cve.org

cve-2022-1813

command injection

github repository

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.

CNA Affected

[
  {
    "product": "yogeshojha/rengine",
    "vendor": "yogeshojha",
    "versions": [
      {
        "lessThan": "1.2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/yogeshojha/rengine/commit/8277cec0f008a0451371a92e7e0bf082ab3f0c34

huntr.dev/bounties/b255cf59-9ecd-4255-b9a2-b40b5ec6c572

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

Related for CVELIST:CVE-2022-1813