Lucene search

GitHub Advisory DatabaseGHSA-X2JX-W3WM-9P3P

HistoryDec 05, 2022 - 6:30 a.m.

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

2022-12-0506:30:22

CWE-703

CWE-755

GitHub Advisory Database

github.com

nadesiko 3

nako3edit

remote attacker

invalid value

decodeuricomponent

server crash

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.8%

JSON

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

Affected configurations

Vulners

Node

kujirahandnadesiko3Range<3.3.75

CPENameOperatorVersion
nadesiko3lt3.3.75

CPE	Name	Operator	Version
	nadesiko3	lt	3.3.75

References

github.com/advisories/GHSA-x2jx-w3wm-9p3p

github.com/kujirahand/nadesiko3/issues/1325

github.com/kujirahand/nadesiko3/issues/1347

github.com/kujirahand/nadesiko3/releases/tag/3.3.75

jvn.jp/en/jp/JVN56968681/index.html

nvd.nist.gov/vuln/detail/CVE-2022-41777

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for GHSA-X2JX-W3WM-9P3P