Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:46111
HistoryApr 01, 2024 - 6:04 a.m.

Improper Neutralization Of Special Elements In Output Used By A Downstream Component ('Injection')

2024-04-0106:04:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
astro-shield
vulnerability
inadequate content validation
csp header
injection
malicious resources.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Astro-Shield is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’). The vulnerability is caused due to inadequate validation of user-controlled content, potentially allowing the inclusion of malicious resources in the generated CSP headers.

Related

github 1
cve 1
osv 2
nvd 1
cvelist 1
vulnrichment 1
ibm 2
github
github
Content-Security-Policy header generation in middleware could be compromised by malicious injections
2024-03-29 19:03:59
cve
cve
CVE-2024-29896
2024-03-28 13:15:47
osv
osv
CVE-2024-29896
2024-03-28 13:15:47
Content-Security-Policy header generation in middleware could be compromised by malicious injections
2024-03-29 19:03:59
nvd
nvd
CVE-2024-29896
2024-03-28 13:15:47
cvelist
cvelist
CVE-2024-29896 Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections
2024-03-28 12:48:53
vulnrichment
vulnrichment
CVE-2024-29896 Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections
2024-03-28 12:48:53
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2024-07-29 21:55:33
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.16 and earlier
2024-05-29 14:43:06

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for VERACODE:46111
github1cve1osv2nvd1cvelist1vulnrichment1ibm2