Lucene search

GoogleOSV:CVE-2022-38916

HistorySep 20, 2022 - 5:15 p.m.

CVE-2022-38916

2022-09-2017:15:09

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files

CPENameOperatorVersion
pagekiteq0.8.8
pagekiteq0.9.5
pagekiteq1.0.4
pagekiteq1.0.7
pagekiteq1.0.9
pagekiteq0.10.4
pagekiteq0.10.3
pagekiteq0.11.3
pagekiteq0.10.2
pagekiteq1.0.8

Name	Operator	Version
pagekit	eq	0.8.8
pagekit	eq	0.9.5
pagekit	eq	1.0.4
pagekit	eq	1.0.7
pagekit	eq	1.0.9
pagekit	eq	0.10.4
pagekit	eq	0.10.3
pagekit	eq	0.11.3
pagekit	eq	0.10.2
pagekit	eq	1.0.8

Rows per page:

1-10 of 351

References

github.com/pagekit/pagekit/issues/970

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for OSV:CVE-2022-38916