Lucene search

[email protected]NVD:CVE-2022-24718

HistoryMar 01, 2022 - 7:15 p.m.

CVE-2022-24718

2022-03-0119:15:08

CWE-22

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time, there is a patch in version 0.1.4.

Affected configurations

NVD

Node

finastrassr-pagesRange<0.1.4node.js

References

github.com/Finastra/ssr-pages/pull/1

github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780

github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for NVD:CVE-2022-24718

cve1 cvelist1 github1 prion1 osv1 veracode1