Lucene search

GitHub Advisory DatabaseGHSA-M589-MV4Q-P7RJ

HistoryJan 13, 2023 - 9:30 p.m.

webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL

2023-01-1321:30:26

CWE-22

GitHub Advisory Database

github.com

rust-lang webbrowser-rs

v0.8.2

ipfile argument

security vulnerability

arbitrary files

crafted url

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.5%

JSON

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.

Affected configurations

Vulners

Node

webbrowser_projectwebbrowserRange<0.8.3rust

CPENameOperatorVersion
webbrowserlt0.8.3

CPE	Name	Operator	Version
	webbrowser	lt	0.8.3

References

github.com/advisories/GHSA-m589-mv4q-p7rj

github.com/amodm/webbrowser-rs/commit/431b5139e274b7e456bea27e768aaa121b97be4c

github.com/amodm/webbrowser-rs/releases/tag/v0.8.3

github.com/offalltn/CVE-2022-45299

nvd.nist.gov/vuln/detail/CVE-2022-45299

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for GHSA-M589-MV4Q-P7RJ