Lucene search

Veracode Vulnerability DatabaseVERACODE:44900

HistoryDec 29, 2023 - 10:59 a.m.

Improper Unicode Encoding

2023-12-2910:59:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

unicode encoding

github

vulnerability

normalization

validation

software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

github.com/ewen-lbh/ffcss is vulnerable to Improper Handling Of Unicode Encoding. The vulnerability arises due to the use of late Unicode normalization of type NFKD in the lookupPreprocess() method. It is possible to bypass validation on this method by a specially crafted Unicode input.

References

github.com/ewen-lbh/ffcss/commit/f9c491874b858a32fcae15045f169fd7d02f90dc

github.com/ewen-lbh/ffcss/security/advisories/GHSA-wpmx-564x-h2mh

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VERACODE:44900