Lucene search
GitHub Advisory DatabaseGHSA-P8F7-22GQ-M7J9HistoryOct 17, 2022 - 12:00 p.m.
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-1712:00:27
CWE-346
GitHub Advisory Database
github.com
9
phoenix
1.6.14
check_origin
wildcarding
liveview
csrf
token
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
Affected configurations
Node
phoenixframeworkphoenixRange<1.6.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phoenixframework | phoenix | * | cpe:2.3:a:phoenixframework:phoenix:*:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2022-42975
2022-10-17 06:15:08
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-17 12:00:27
cvelist
cvelist
CVE-2022-42975
2022-10-17 00:00:00
nvd
nvd
CVE-2022-42975
2022-10-17 06:15:08
prion
prion
Cross site request forgery (csrf)
2022-10-17 06:15:00
cve
cve
CVE-2022-42975
2022-10-17 06:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
Related for GHSA-P8F7-22GQ-M7J9