Lucene search

Redhat.comRH:CVE-2023-50728

HistoryDec 17, 2023 - 11:26 a.m.

CVE-2023-50728

2023-12-1711:26:34

redhat.com

access.redhat.com

cve-2023-50728

octokit

webhooks

uncaught exception

vulnerability

nodejs

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.6%

JSON

An uncaught exception vulnerability was found in octokit webhooks. An error may be undefined in some cases, and the resulting request can cause an uncaught exception that ends the nodejs process.

References

bugzilla.redhat.com/show_bug.cgi?id=2254872

github.com/octokit/webhooks.js/releases/tag/v10.9.2

github.com/octokit/webhooks.js/releases/tag/v11.1.2

github.com/octokit/webhooks.js/releases/tag/v12.0.4

github.com/octokit/webhooks.js/releases/tag/v9.26.3

github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv

nvd.nist.gov/vuln/detail/CVE-2023-50728

www.cve.org/CVERecord?id=CVE-2023-50728

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for RH:CVE-2023-50728