Lucene search

@huntrdevCVELIST:CVE-2023-0247

HistoryJan 12, 2023 - 12:00 a.m.

CVE-2023-0247 Uncontrolled Search Path Element in bits-and-blooms/bloom

2023-01-1200:00:00

CWE-427

@huntrdev

www.cve.org

github

repository

security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

CNA Affected

[
  {
    "vendor": "bits-and-blooms",
    "product": "bits-and-blooms/bloom",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.3.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/bits-and-blooms/bloom/commit/658f1393d4c52254a3d22f5f64f217405ec5fefb

huntr.dev/bounties/cab50e44-0995-4ac1-a5d5-889293b9704f

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2023-0247