Lucene search

GoogleOSV:CVE-2023-50694

HistoryJan 19, 2024 - 8:15 p.m.

CVE-2023-50694

2024-01-1920:15:11

Google

osv.dev

httpbeast

remote attacker

malicious crafted request

insufficient parsing

parser.nim

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.

CPENameOperatorVersion
httpbeasteq0.2.1
httpbeasteq0.4.1
httpbeasteq0.2.2
httpbeasteq0.1.0
httpbeasteq0.3.0
httpbeasteq0.4.0
httpbeasteq0.2.0

Name	Operator	Version
httpbeast	eq	0.2.1
httpbeast	eq	0.4.1
httpbeast	eq	0.2.2
httpbeast	eq	0.1.0
httpbeast	eq	0.3.0
httpbeast	eq	0.4.0
httpbeast	eq	0.2.0

References

gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8

github.com/dom96/httpbeast/issues/95

github.com/dom96/httpbeast/pull/96

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for OSV:CVE-2023-50694