Lucene search
GoogleOSV:GHSA-83PM-7V48-5JP4HistoryDec 27, 2022 - 3:30 p.m.
rdiffweb vulnerable to Special Element Injection
2022-12-2715:30:19
Google
osv.dev
9
rdiffweb
ssh key
injection
vulnerability
sanitisation
malicious websites
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites.
Related
cvelist
cvelist
github
github
rdiffweb vulnerable to Special Element Injection
2022-12-27 15:30:19
osv
osv
PYSEC-2022-43007
2022-12-27 15:15:00
CVE-2022-4721
2022-12-27 15:15:11
prion
prion
Design/Logic Flaw
2022-12-27 15:15:00
nvd
nvd
CVE-2022-4721
2022-12-27 15:15:11
veracode
veracode
Command Injection
2022-12-29 08:15:50
huntr
huntr
cve
cve
CVE-2022-4721
2022-12-27 15:15:11
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
Related for OSV:GHSA-83PM-7V48-5JP4