Lucene search

@huntrdevCVELIST:CVE-2023-0643

HistoryFeb 02, 2023 - 12:00 a.m.

CVE-2023-0643 Improper Handling of Additional Special Element in squidex/squidex

2023-02-0200:00:00

CWE-167

@huntrdev

www.cve.org

cve-2023-0643

squidex

github repository

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

CNA Affected

[
  {
    "vendor": "squidex",
    "product": "squidex/squidex",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.4.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/squidex/squidex/commit/cf4efc52eab17098474d73ccff6c136fc2f737db

huntr.dev/bounties/ea90f8b9-d8fe-4432-9a52-4d663400c52f

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVELIST:CVE-2023-0643