CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score: 7 High (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.1%)
github.com/ewen-lbh/ffcss is vulnerable to Improper Handling of Unicode Encoding. The vulnerability arises from late Unicode normalization (form NFKD) in the lookupPreprocess() method. Specially crafted Unicode input can bypass validation in this method.
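The ordering problem behind "late normalization", as an added example that is not ffcss code and does not reproduce lookupPreprocess(); it is written in Python so it runs on the standard library alone. The deny-list, the function names and the sample input are all constructed for illustration.

```python
import unicodedata

# Constructed deny-list for illustration; not taken from ffcss.
RESERVED = {"default", "system"}


def nfkd(value: str) -> str:
    """Apply Unicode compatibility decomposition (NFKD)."""
    return unicodedata.normalize("NFKD", value)


def is_allowed(name: str) -> bool:
    """Hypothetical validation step: reject reserved names, case-insensitively."""
    return name.casefold() not in RESERVED


def lookup_key_late(raw: str) -> str:
    """Flawed order: validate the raw string, then normalize it."""
    if not is_allowed(raw):
        raise ValueError("reserved name")
    # The string returned here is not the string that was validated.
    return nfkd(raw).casefold()


def lookup_key_early(raw: str) -> str:
    """Corrected order: normalize once, then validate and use that same string."""
    key = nfkd(raw).casefold()
    if not is_allowed(key):
        raise ValueError("reserved name")
    return key


def changes_under_nfkd(raw: str) -> bool:
    """Logging aid: True when NFKD alters the input.

    Also True for ordinary precomposed accented letters, so treat it as a
    signal worth recording, not as proof of a bypass attempt.
    """
    return nfkd(raw) != raw


# Constructed sample: the word "default" in fullwidth Latin letters (U+FF41 block).
SAMPLE = "\uff44\uff45\uff46\uff41\uff55\uff4c\uff54"
```

The fix pattern is to normalize at the input boundary and run every check on the normalized value, so the validated string and the string used downstream are identical.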