Lucene search

[email protected]NVD:CVE-2022-1813

HistoryMay 22, 2022 - 4:15 p.m.

CVE-2022-1813

2022-05-2216:15:08

CWE-78

[email protected]

web.nvd.nist.gov

command injection

github

repository

yogeshojha/rengine

version 1.2.0

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.2%

JSON

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.

Affected configurations

Nvd

Node

rengine_projectrengineRange<1.2.0

VendorProductVersionCPE
rengine_projectrengine*cpe:2.3:a:rengine_project:rengine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rengine_project	rengine	*	cpe:2.3:a:rengine_project:rengine::::::::

References

github.com/yogeshojha/rengine/commit/8277cec0f008a0451371a92e7e0bf082ab3f0c34

huntr.dev/bounties/b255cf59-9ecd-4255-b9a2-b40b5ec6c572

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.2%

JSON

Related for NVD:CVE-2022-1813

osv1 huntr1 prion1 cve1 cvelist1 checkpoint_advisories1