Lucene search

K
githubGitHub Advisory DatabaseGHSA-4R2F-6FM9-2QGH
HistoryJan 10, 2023 - 6:30 a.m.

Ecto lacks a protection mechanism

2023-01-1006:30:25
GitHub Advisory Database
github.com
10
ecto 2.2.0
protection mechanism
is_nil
raise
interaction

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.3%

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

Affected configurations

Vulners
Node
-ectoMatch2.2.0
VendorProductVersionCPE
-ecto2.2.0cpe:2.3:a:-:ecto:2.2.0:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.3%

Related for GHSA-4R2F-6FM9-2QGH