CWE-436
Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
CVE-2021-0207 (GCVE-0-2021-0207)
Vulnerability from cvelistv5
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | Juniper Networks | Junos OS |
Version: 17.3 < 17.3R3-S7 Version: 17.4 < 17.4R2-S11, 17.4R3-S3 |
|||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:10.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA11097" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "NFX250, QFX5K Series, EX4600" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "17.3R3-S7", "status": "affected", "version": "17.3", "versionType": "custom" }, { "lessThan": "17.4R2-S11, 17.4R3-S3", "status": "affected", "version": "17.4", "versionType": "custom" } ] }, { "platforms": [ "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "18.1R3-S9", "status": "affected", "version": "18.1", "versionType": "custom" } ] }, { "platforms": [ "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "18.2R3-S3", "status": "affected", "version": "18.2", "versionType": "custom" } ] }, { "platforms": [ "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "18.3R3-S1", "status": "affected", "version": "18.3", "versionType": "custom" }, { "lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3", "status": "affected", "version": "18.4", "versionType": "custom" }, { "lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3", "status": "affected", "version": "19.1", "versionType": "custom" }, { "lessThan": "19.2R1-S5, 19.2R2", "status": "affected", "version": "19.2", "versionType": "custom" }, { "lessThan": "19.3R2-S3, 19.3R3", "status": "affected", "version": "19.3", "versionType": "custom" } ] }, { "platforms": [ "NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "19.4R1-S2, 19.4R2", "status": "affected", "version": "19.4", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "The following minimal configuration is required on two interfaces passing traffic on different vlans between each other:\n set interfaces [interface] unit [unit] family ethernet-switching vlan members [name]\n set vlans [name] vlan-id [unit]" } ], "datePublic": "2021-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This causes a Denial of Service (DoS) to those clients sending these particular types of traffic. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious, and can be targeted to the device, or destined through it for the issue to occur. This issues affects IPv4 and IPv6 traffic. An indicator of compromise may be found by checking log files. You may find that traffic on the input interface has 100% of traffic flowing into the device, yet the egress interface shows 0 pps leaving the device. For example: [show interfaces \"interface\" statistics detail] Output between two interfaces would reveal something similar to: Ingress, first interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/0 Up 9999999999 (9999) 1 (0) -------------------- Egress, second interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 0 (0) 9999999999 (0) -------------------- Dropped packets will not show up in DDoS monitoring/protection counters as issue is not caused by anti-DDoS protection mechanisms. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S7 on NFX250, QFX5K Series, EX4600; 17.4 versions prior to 17.4R2-S11, 17.4R3-S3 on NFX250, QFX5K Series, EX4600; 18.1 versions prior to 18.1R3-S9 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600; 18.2 versions prior to 18.2R3-S3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600; 18.3 versions prior to 18.3R3-S1 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.2 versions prior to 19.2R1-S5, 19.2R2 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.3 versions prior to 19.3R2-S3, 19.3R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.4 versions prior to 19.4R1-S2, 19.4R2 on NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series. This issue does not affect Junos OS releases prior to 17.2R2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-115", "description": "CWE-115 Misinterpretation of Input", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-15T17:35:54", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA11097" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S7, 17.4R2-S11, 17.4R3-S3, 18.1R3-S9, 18.2R3-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1 and all subsequent releases." } ], "source": { "advisory": "JSA11097", "defect": [ "1429543" ], "discovery": "USER" }, "title": "NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded.", "workarounds": [ { "lang": "en", "value": "There are no available workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-01-13T17:00:00.000Z", "ID": "CVE-2021-0207", "STATE": "PUBLIC", "TITLE": "NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded." }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "NFX250, QFX5K Series, EX4600", "version_affected": "\u003c", "version_name": "17.3", "version_value": "17.3R3-S7" }, { "platform": "NFX250, QFX5K Series, EX4600", "version_affected": "\u003c", "version_name": "17.4", "version_value": "17.4R2-S11, 17.4R3-S3" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600", "version_affected": "\u003c", "version_name": "18.1", "version_value": "18.1R3-S9" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600", "version_affected": "\u003c", "version_name": "18.2", "version_value": "18.2R3-S3" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "18.3", "version_value": "18.3R3-S1" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "18.4", "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "19.1", "version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "19.2", "version_value": "19.2R1-S5, 19.2R2" }, { "platform": "NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "19.3", "version_value": "19.3R2-S3, 19.3R3" }, { "platform": "NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series", "version_affected": "\u003c", "version_name": "19.4", "version_value": "19.4R1-S2, 19.4R2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [ { "lang": "en", "value": "The following minimal configuration is required on two interfaces passing traffic on different vlans between each other:\n set interfaces [interface] unit [unit] family ethernet-switching vlan members [name]\n set vlans [name] vlan-id [unit]" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This causes a Denial of Service (DoS) to those clients sending these particular types of traffic. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious, and can be targeted to the device, or destined through it for the issue to occur. This issues affects IPv4 and IPv6 traffic. An indicator of compromise may be found by checking log files. You may find that traffic on the input interface has 100% of traffic flowing into the device, yet the egress interface shows 0 pps leaving the device. For example: [show interfaces \"interface\" statistics detail] Output between two interfaces would reveal something similar to: Ingress, first interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/0 Up 9999999999 (9999) 1 (0) -------------------- Egress, second interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 0 (0) 9999999999 (0) -------------------- Dropped packets will not show up in DDoS monitoring/protection counters as issue is not caused by anti-DDoS protection mechanisms. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S7 on NFX250, QFX5K Series, EX4600; 17.4 versions prior to 17.4R2-S11, 17.4R3-S3 on NFX250, QFX5K Series, EX4600; 18.1 versions prior to 18.1R3-S9 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600; 18.2 versions prior to 18.2R3-S3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600; 18.3 versions prior to 18.3R3-S1 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.2 versions prior to 19.2R1-S5, 19.2R2 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.3 versions prior to 19.3R2-S3, 19.3R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.4 versions prior to 19.4R1-S2, 19.4R2 on NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series. This issue does not affect Junos OS releases prior to 17.2R2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436 Interpretation Conflict" } ] }, { "description": [ { "lang": "eng", "value": "CWE-115 Misinterpretation of Input" } ] }, { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA11097", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11097" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S7, 17.4R2-S11, 17.4R3-S3, 18.1R3-S9, 18.2R3-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1 and all subsequent releases." } ], "source": { "advisory": "JSA11097", "defect": [ "1429543" ], "discovery": "USER" }, "work_around": [ { "lang": "en", "value": "There are no available workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0207", "datePublished": "2021-01-15T17:35:54.872808Z", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-09-17T02:21:57.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-21366 (GCVE-0-2021-21366)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:16.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv" }, { "tags": [ "x_transferred" ], "url": "https://www.npmjs.com/package/xmldom" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xmldom/xmldom/releases/tag/0.5.0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135" }, { "name": "[debian-lts-announce] 20230101 [SECURITY] [DLA 3260-1] node-xmldom security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xmldom", "vendor": "xmldom", "versions": [ { "status": "affected", "version": "\u003c 0.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-115", "description": "CWE-115: Misinterpretation of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-01T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv" }, { "url": "https://www.npmjs.com/package/xmldom" }, { "url": "https://github.com/xmldom/xmldom/releases/tag/0.5.0" }, { "url": "https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135" }, { "name": "[debian-lts-announce] 20230101 [SECURITY] [DLA 3260-1] node-xmldom security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html" } ], "source": { "advisory": "GHSA-h6q6-9hqw-rwfv", "discovery": "UNKNOWN" }, "title": "Misinterpretation of malicious XML input" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21366", "datePublished": "2021-03-12T00:00:00", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:16.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-39137 (GCVE-0-2021-39137)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
ethereum | go-ethereum |
Version: >= 1.10.0, < 1.10.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "go-ethereum", "vendor": "ethereum", "versions": [ { "status": "affected", "version": "\u003e= 1.10.0, \u003c 1.10.8" } ] } ], "descriptions": [ { "lang": "en", "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-24T16:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8" } ], "source": { "advisory": "GHSA-9856-9gg9-qcmq", "discovery": "UNKNOWN" }, "title": "Consensus flaw during block processing in go-ethereum", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39137", "STATE": "PUBLIC", "TITLE": "Consensus flaw during block processing in go-ethereum" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "go-ethereum", "version": { "version_data": [ { "version_value": "\u003e= 1.10.0, \u003c 1.10.8" } ] } } ] }, "vendor_name": "ethereum" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436: Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq", "refsource": "CONFIRM", "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq" }, { "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8", "refsource": "MISC", "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8" } ] }, "source": { "advisory": "GHSA-9856-9gg9-qcmq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39137", "datePublished": "2021-08-24T16:05:10", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:17.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0011 (GCVE-0-2022-0011)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Palo Alto Networks | PAN-OS |
Version: 9.0.* Version: 8.1 < 8.1.21 Version: 9.1 < 9.1.12 Version: 10.0 < 10.0.8 Version: 10.1 < 10.1.3 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2022-0011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "status": "affected", "version": "9.0.*" }, { "changes": [ { "at": "8.1.21", "status": "unaffected" } ], "lessThan": "8.1.21", "status": "affected", "version": "8.1", "versionType": "custom" }, { "changes": [ { "at": "9.1.12", "status": "unaffected" } ], "lessThan": "9.1.12", "status": "affected", "version": "9.1", "versionType": "custom" }, { "changes": [ { "at": "10.0.8", "status": "unaffected" } ], "lessThan": "10.0.8", "status": "affected", "version": "10.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.3", "status": "unaffected" } ], "lessThan": "10.1.3", "status": "affected", "version": "10.1", "versionType": "custom" } ] }, { "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "3.0 Preferred, Innovation" }, { "status": "affected", "version": "2.2 Preferred" }, { "status": "affected", "version": "2.1 Preferred, Innovation" } ] } ], "configurations": [ { "lang": "en", "value": "This issue is applicable only when you configure exceptions to URL filtering either by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/block-and-allow-lists.html." } ], "credits": [ { "lang": "en", "value": "Palo Alto Networks thanks Chris Johnston of PricewaterhouseCoopers for discovering and reporting this issue." } ], "datePublic": "2022-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test example.com.* will match example.com.website.test example.com.^ will match example.com.test You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL." } ], "exploits": [ { "lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T18:10:15", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.paloaltonetworks.com/CVE-2022-0011" } ], "solutions": [ { "lang": "en", "value": "PAN-OS 8.1.21, PAN-OS 9.1.12, PAN-OS 10.0.8, PAN-OS 10.1.3, Prisma Access 3.0 Preferred, and Prisma Access 3.0 Innovation all include a customer configurable option to automatically append a forward slash at the end of the hostname pattern for entries without an ending token in a custom URL category list or in an external dynamic list (EDL).\n\nPrisma Access customers should refer to \u201cSTEP 7\u201d in the following Prisma Access 3.0 documentation to enable this feature:\n\nhttps://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/prisma-access-service-infrastructure/enable-the-service-infrastructure.html\n\nFor other PAN-OS appliances, this option is enabled by running these CLI commands:\n debug device-server append-end-token on\n commit force\n\nNote: This option is disabled by default on PAN-OS 8.1, PAN-OS 9.1, PAN-OS 10.0, and PAN-OS 10.1. This option will be enabled by default starting with the next major version of PAN-OS. This option is not available on PAN-OS 9.0. Customers with PAN-OS 9.0 are advised to apply workarounds or upgrade to PAN-OS 9.1 or a later version.\n\nAdditionally, customers must evaluate their custom URL category list or their external dynamic list (EDL) and any firewall policy rules that depend on them to determine whether this option provides the desired policy rule enforcement.\n\nExample 1: If the firewall policy rule is intended to allow only \u0027www.example.com\u0027 and not to allow access to any other site, such as www.example.com.webiste.test, then use the \"debug device-server append-end-token on\" CLI command.\n\nExample 2: If the firewall policy rule is set to block access to \u0027www.example.co\u0027 and block access to sites such as www.example.com, www.example.co.az, then keep the default setting (\"debug device-server append-end-token off\" CLI command). You should always use the most appropriate token if you need to match multiple hostnames in a policy rule." } ], "source": { "defect": [ "PAN-174443" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2022-02-09T00:00:00", "value": "initial publication" } ], "title": "PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering", "workarounds": [ { "lang": "en", "value": "Add a forward slash (/) at the end of the hostname pattern for all entries in the custom URL category list or the external dynamic list (EDL).\n\nFor example:\n example.com/ will not match example.com.website.test" } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-02-09T17:00:00.000Z", "ID": "CVE-2022-0011", "STATE": "PUBLIC", "TITLE": "PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PAN-OS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.1", "version_value": "8.1.21" }, { "version_affected": "\u003c", "version_name": "9.1", "version_value": "9.1.12" }, { "version_affected": "\u003c", "version_name": "10.0", "version_value": "10.0.8" }, { "version_affected": "!\u003e=", "version_name": "8.1", "version_value": "8.1.21" }, { "version_affected": "!\u003e=", "version_name": "9.1", "version_value": "9.1.12" }, { "version_affected": "!\u003e=", "version_name": "10.0", "version_value": "10.0.8" }, { "version_affected": "=", "version_name": "9.0", "version_value": "9.0.*" }, { "version_affected": "\u003c", "version_name": "10.1", "version_value": "10.1.3" }, { "version_affected": "!\u003e=", "version_name": "10.1", "version_value": "10.1.3" } ] } }, { "product_name": "Prisma Access", "version": { "version_data": [ { "version_affected": "!", "version_name": "3.0", "version_value": "Preferred, Innovation" }, { "version_affected": "=", "version_name": "2.2", "version_value": "Preferred" }, { "version_affected": "=", "version_name": "2.1", "version_value": "Preferred, Innovation" } ] } } ] }, "vendor_name": "Palo Alto Networks" } ] } }, "configuration": [ { "lang": "en", "value": "This issue is applicable only when you configure exceptions to URL filtering either by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/block-and-allow-lists.html." } ], "credit": [ { "lang": "eng", "value": "Palo Alto Networks thanks Chris Johnston of PricewaterhouseCoopers for discovering and reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test example.com.* will match example.com.website.test example.com.^ will match example.com.test You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL." } ] }, "exploit": [ { "lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436 Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.paloaltonetworks.com/CVE-2022-0011", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0011" } ] }, "solution": [ { "lang": "en", "value": "PAN-OS 8.1.21, PAN-OS 9.1.12, PAN-OS 10.0.8, PAN-OS 10.1.3, Prisma Access 3.0 Preferred, and Prisma Access 3.0 Innovation all include a customer configurable option to automatically append a forward slash at the end of the hostname pattern for entries without an ending token in a custom URL category list or in an external dynamic list (EDL).\n\nPrisma Access customers should refer to \u201cSTEP 7\u201d in the following Prisma Access 3.0 documentation to enable this feature:\n\nhttps://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/prisma-access-service-infrastructure/enable-the-service-infrastructure.html\n\nFor other PAN-OS appliances, this option is enabled by running these CLI commands:\n debug device-server append-end-token on\n commit force\n\nNote: This option is disabled by default on PAN-OS 8.1, PAN-OS 9.1, PAN-OS 10.0, and PAN-OS 10.1. This option will be enabled by default starting with the next major version of PAN-OS. This option is not available on PAN-OS 9.0. Customers with PAN-OS 9.0 are advised to apply workarounds or upgrade to PAN-OS 9.1 or a later version.\n\nAdditionally, customers must evaluate their custom URL category list or their external dynamic list (EDL) and any firewall policy rules that depend on them to determine whether this option provides the desired policy rule enforcement.\n\nExample 1: If the firewall policy rule is intended to allow only \u0027www.example.com\u0027 and not to allow access to any other site, such as www.example.com.webiste.test, then use the \"debug device-server append-end-token on\" CLI command.\n\nExample 2: If the firewall policy rule is set to block access to \u0027www.example.co\u0027 and block access to sites such as www.example.com, www.example.co.az, then keep the default setting (\"debug device-server append-end-token off\" CLI command). You should always use the most appropriate token if you need to match multiple hostnames in a policy rule." } ], "source": { "defect": [ "PAN-174443" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2022-02-09T00:00:00", "value": "initial publication" } ], "work_around": [ { "lang": "en", "value": "Add a forward slash (/) at the end of the hostname pattern for all entries in the custom URL category list or the external dynamic list (EDL).\n\nFor example:\n example.com/ will not match example.com.website.test" } ], "x_advisoryEoL": false, "x_affectedList": [ "Prisma Access 2.2", "Prisma Access 2.1", "PAN-OS 10.1.2", "PAN-OS 10.1.1", "PAN-OS 10.1.0", "PAN-OS 10.1", "PAN-OS 10.0.7", "PAN-OS 10.0.6", "PAN-OS 10.0.5", "PAN-OS 10.0.4", "PAN-OS 10.0.3", "PAN-OS 10.0.2", "PAN-OS 10.0.1", "PAN-OS 10.0.0", "PAN-OS 10.0", "PAN-OS 9.1.11-h3", "PAN-OS 9.1.11-h2", "PAN-OS 9.1.11-h1", "PAN-OS 9.1.11", "PAN-OS 9.1.10", "PAN-OS 9.1.9", "PAN-OS 9.1.8", "PAN-OS 9.1.7", "PAN-OS 9.1.6", "PAN-OS 9.1.5", "PAN-OS 9.1.4", "PAN-OS 9.1.3-h1", "PAN-OS 9.1.3", "PAN-OS 9.1.2-h1", "PAN-OS 9.1.2", "PAN-OS 9.1.1", "PAN-OS 9.1.0-h3", "PAN-OS 9.1.0-h2", "PAN-OS 9.1.0-h1", "PAN-OS 9.1.0", "PAN-OS 9.1", "PAN-OS 9.0.15", "PAN-OS 9.0.14-h4", "PAN-OS 9.0.14-h3", "PAN-OS 9.0.14-h2", "PAN-OS 9.0.14-h1", "PAN-OS 9.0.14", "PAN-OS 9.0.13", "PAN-OS 9.0.12", "PAN-OS 9.0.11", "PAN-OS 9.0.10", "PAN-OS 9.0.9-h1", "PAN-OS 9.0.9", "PAN-OS 9.0.8", "PAN-OS 9.0.7", "PAN-OS 9.0.6", "PAN-OS 9.0.5", "PAN-OS 9.0.4", "PAN-OS 9.0.3-h3", "PAN-OS 9.0.3-h2", "PAN-OS 9.0.3-h1", "PAN-OS 9.0.3", "PAN-OS 9.0.2-h4", "PAN-OS 9.0.2-h3", "PAN-OS 9.0.2-h2", "PAN-OS 9.0.2-h1", "PAN-OS 9.0.2", "PAN-OS 9.0.1", "PAN-OS 9.0.0", "PAN-OS 9.0", "PAN-OS 8.1.20-h1", "PAN-OS 8.1.20", "PAN-OS 8.1.19", "PAN-OS 8.1.18", "PAN-OS 8.1.17", "PAN-OS 8.1.16", "PAN-OS 8.1.15-h3", "PAN-OS 8.1.15-h2", "PAN-OS 8.1.15-h1", "PAN-OS 8.1.15", "PAN-OS 8.1.14-h2", "PAN-OS 8.1.14-h1", "PAN-OS 8.1.14", "PAN-OS 8.1.13", "PAN-OS 8.1.12", "PAN-OS 8.1.11", "PAN-OS 8.1.10", "PAN-OS 8.1.9-h4", "PAN-OS 8.1.9-h3", "PAN-OS 8.1.9-h2", "PAN-OS 8.1.9-h1", "PAN-OS 8.1.9", "PAN-OS 8.1.8-h5", "PAN-OS 8.1.8-h4", "PAN-OS 8.1.8-h3", "PAN-OS 8.1.8-h2", "PAN-OS 8.1.8-h1", "PAN-OS 8.1.8", "PAN-OS 8.1.7", "PAN-OS 8.1.6-h2", "PAN-OS 8.1.6-h1", "PAN-OS 8.1.6", "PAN-OS 8.1.5", "PAN-OS 8.1.4", "PAN-OS 8.1.3", "PAN-OS 8.1.2", "PAN-OS 8.1.1", "PAN-OS 8.1.0", "PAN-OS 8.1" ], "x_likelyAffectedList": [ "PAN-OS 8.0.20", "PAN-OS 8.0.19-h1", "PAN-OS 8.0.19", "PAN-OS 8.0.18", "PAN-OS 8.0.17", "PAN-OS 8.0.16", "PAN-OS 8.0.15", "PAN-OS 8.0.14", "PAN-OS 8.0.13", "PAN-OS 8.0.12", "PAN-OS 8.0.11-h1", "PAN-OS 8.0.10", "PAN-OS 8.0.9", "PAN-OS 8.0.8", "PAN-OS 8.0.7", "PAN-OS 8.0.6-h3", "PAN-OS 8.0.6-h2", "PAN-OS 8.0.6-h1", "PAN-OS 8.0.6", "PAN-OS 8.0.5", "PAN-OS 8.0.4", "PAN-OS 8.0.3-h4", "PAN-OS 8.0.3-h3", "PAN-OS 8.0.3-h2", "PAN-OS 8.0.3-h1", "PAN-OS 8.0.3", "PAN-OS 8.0.2", "PAN-OS 8.0.1", "PAN-OS 8.0.0", "PAN-OS 8.0", "PAN-OS 7.1.26", "PAN-OS 7.1.25", "PAN-OS 7.1.24-h1", "PAN-OS 7.1.24", "PAN-OS 7.1.23", "PAN-OS 7.1.22", "PAN-OS 7.1.21", "PAN-OS 7.1.20", "PAN-OS 7.1.19", "PAN-OS 7.1.18", "PAN-OS 7.1.17", "PAN-OS 7.1.16", "PAN-OS 7.1.15", "PAN-OS 7.1.14", "PAN-OS 7.1.13", "PAN-OS 7.1.12", "PAN-OS 7.1.11", "PAN-OS 7.1.10", "PAN-OS 7.1.9-h4", "PAN-OS 7.1.9-h3", "PAN-OS 7.1.9-h2", "PAN-OS 7.1.9-h1", "PAN-OS 7.1.9", "PAN-OS 7.1.8", "PAN-OS 7.1.7", "PAN-OS 7.1.6", "PAN-OS 7.1.5", "PAN-OS 7.1.4-h2", "PAN-OS 7.1.4-h1", "PAN-OS 7.1.4", "PAN-OS 7.1.3", "PAN-OS 7.1.2", "PAN-OS 7.1.1", "PAN-OS 7.1.0", "PAN-OS 7.1" ] } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0011", "datePublished": "2022-02-10T18:10:15.524395Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-16T23:51:26.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29254 (GCVE-0-2022-29254)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags |
---|---|---|
Vendor | Product | Version | ||
---|---|---|---|---|
silverstripe | silverstripe-omnipay |
Version: < 2.5.2 Version: >= 3.0.0, < 3.0.2 Version: >= 3.1.0, < 3.1.4 Version: >= 3.2.0, < 3.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:17:54.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29254", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T14:06:02.928372Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T18:19:05.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "silverstripe-omnipay", "vendor": "silverstripe", "versions": [ { "status": "affected", "version": "\u003c 2.5.2" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.0.2" }, { "status": "affected", "version": "\u003e= 3.1.0, \u003c 3.1.4" }, { "status": "affected", "version": "\u003e= 3.2.0, \u003c 3.2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T19:35:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b" } ], "source": { "advisory": "GHSA-48f2-m7jg-866x", "discovery": "UNKNOWN" }, "title": "Failed payment recorded has completed in silverstripe/silverstripe-omnipay", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29254", "STATE": "PUBLIC", "TITLE": "Failed payment recorded has completed in silverstripe/silverstripe-omnipay" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "silverstripe-omnipay", "version": { "version_data": [ { "version_value": "\u003c 2.5.2" }, { "version_value": "\u003e= 3.0.0, \u003c 3.0.2" }, { "version_value": "\u003e= 3.1.0, \u003c 3.1.4" }, { "version_value": "\u003e= 3.2.0, \u003c 3.2.1" } ] } } ] }, "vendor_name": "silverstripe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436: Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x", "refsource": "CONFIRM", "url": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x" }, { "name": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b", "refsource": "MISC", "url": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b" } ] }, "source": { "advisory": "GHSA-48f2-m7jg-866x", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29254", "datePublished": "2022-06-06T19:35:10.000Z", "dateReserved": "2022-04-13T00:00:00.000Z", "dateUpdated": "2025-04-23T18:19:05.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-35962 (GCVE-0-2022-35962)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
zulip | zulip-mobile |
Version: < 27.190 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zulip/zulip-mobile/releases/tag/v27.190" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35962", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:38.682406Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T17:47:42.357Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "zulip-mobile", "vendor": "zulip", "versions": [ { "status": "affected", "version": "\u003c 27.190" } ] } ], "descriptions": [ { "lang": "en", "value": "Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-184", "description": "CWE-184: Incomplete List of Disallowed Inputs", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-29T14:50:09.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zulip/zulip-mobile/releases/tag/v27.190" } ], "source": { "advisory": "GHSA-4gj2-j32x-4wg5", "discovery": "UNKNOWN" }, "title": "Crafted link in Zulip message can cause disclosure of credentials", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35962", "STATE": "PUBLIC", "TITLE": "Crafted link in Zulip message can cause disclosure of credentials" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "zulip-mobile", "version": { "version_data": [ { "version_value": "\u003c 27.190" } ] } } ] }, "vendor_name": "zulip" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-184: Incomplete List of Disallowed Inputs" } ] }, { "description": [ { "lang": "eng", "value": "CWE-436: Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5", "refsource": "CONFIRM", "url": "https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5" }, { "name": "https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/", "refsource": "MISC", "url": "https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/" }, { "name": "https://github.com/zulip/zulip-mobile/releases/tag/v27.190", "refsource": "MISC", "url": "https://github.com/zulip/zulip-mobile/releases/tag/v27.190" } ] }, "source": { "advisory": "GHSA-4gj2-j32x-4wg5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35962", "datePublished": "2022-08-29T14:50:09.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-23T17:47:42.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36048 (GCVE-0-2022-36048)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T14:01:47.169435Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T17:46:52.591Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "zulip", "vendor": "zulip", "versions": [ { "status": "affected", "version": "\u003c 5.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-31T19:15:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452" } ], "source": { "advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN" }, "title": "IP address leak via image proxy bypass in Zulip Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36048", "STATE": "PUBLIC", "TITLE": "IP address leak via image proxy bypass in Zulip Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "zulip", "version": { "version_data": [ { "version_value": "\u003c 5.6" } ] } } ] }, "vendor_name": "zulip" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436: Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "refsource": "CONFIRM", "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452" } ] }, "source": { "advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36048", "datePublished": "2022-08-31T19:15:11.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-23T17:46:52.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36051 (GCVE-0-2022-36051)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-c8fj-4pm8-mp2c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zitadel/zitadel/releases/tag/v1.87.1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zitadel/zitadel/releases/tag/v2.2.0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36051", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:25.436773Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T17:33:14.632Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "zitadel", "vendor": "zitadel", "versions": [ { "status": "affected", "version": "\u003e= 2.0.0, \u003c 2.2.0" }, { "status": "affected", "version": "\u003e= 1.42.0, \u003c 1.87.1" } ] } ], "descriptions": [ { "lang": "en", "value": "ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-31T22:40:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-c8fj-4pm8-mp2c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zitadel/zitadel/releases/tag/v1.87.1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zitadel/zitadel/releases/tag/v2.2.0" } ], "source": { "advisory": "GHSA-c8fj-4pm8-mp2c", "discovery": "UNKNOWN" }, "title": "Broken Authorization in ZITADEL Actions", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36051", "STATE": "PUBLIC", "TITLE": "Broken Authorization in ZITADEL Actions" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "zitadel", "version": { "version_data": [ { "version_value": "\u003e= 2.0.0, \u003c 2.2.0" }, { "version_value": "\u003e= 1.42.0, \u003c 1.87.1" } ] } } ] }, "vendor_name": "zitadel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-436: Interpretation Conflict" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-c8fj-4pm8-mp2c", "refsource": "CONFIRM", "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-c8fj-4pm8-mp2c" }, { "name": "https://github.com/zitadel/zitadel/releases/tag/v1.87.1", "refsource": "MISC", "url": "https://github.com/zitadel/zitadel/releases/tag/v1.87.1" }, { "name": "https://github.com/zitadel/zitadel/releases/tag/v2.2.0", "refsource": "MISC", "url": "https://github.com/zitadel/zitadel/releases/tag/v2.2.0" } ] }, "source": { "advisory": "GHSA-c8fj-4pm8-mp2c", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36051", "datePublished": "2022-08-31T22:40:10.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-23T17:33:14.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41915 (GCVE-0-2022-41915)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/issues/13084" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/pull/12760" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41915", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-22T15:39:01.800559Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-22T15:57:32.870Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "netty", "vendor": "netty", "versions": [ { "lessThan": "4.1.86.Final", "status": "affected", "version": "4.1.86.Final", "versionType": "custom" }, { "lessThan": "4.1.83.Final*", "status": "affected", "version": "4.1.83.Final", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator\u003c?\u003e)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-113", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" }, { "url": "https://github.com/netty/netty/issues/13084" }, { "url": "https://github.com/netty/netty/pull/12760" }, { "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" }, { "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "name": "DSA-5316", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0004/" } ], "source": { "advisory": "GHSA-hh82-3pmq-7frp", "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41915", "datePublished": "2022-12-13T00:00:00.000Z", "dateReserved": "2022-09-30T00:00:00.000Z", "dateUpdated": "2025-04-22T15:57:32.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22602 (GCVE-0-2023-22602)
Vulnerability from cvelistv5
- CWE-436 - Interpretation Conflict
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Shiro |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:49.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230302-0001/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22602", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:25:09.693167Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:25:23.157Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Shiro", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "1.11.0", "status": "unaffected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "v3ged0ge and Adamytd" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThe authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot \u0026lt; 2.6 default to Ant style pattern matching.\u003cbr\u003e\u003cp\u003eMitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`\u003cbr\u003e\u003c/p\u003e" } ], "value": "When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.\n\nThe authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot \u003c 2.6 default to Ant style pattern matching.\nMitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`\n\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-14T09:33:39.775Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-22602", "datePublished": "2023-01-14T09:33:39.775Z", "dateReserved": "2023-01-03T23:52:40.911Z", "dateUpdated": "2024-08-02T10:13:49.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
CAPEC-105: HTTP Request Splitting
['An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).', 'See CanPrecede relationships for possible consequences.']
CAPEC-273: HTTP Response Smuggling
['An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).', 'See CanPrecede relationships for possible consequences.']
CAPEC-34: HTTP Response Splitting
['An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.', 'See CanPrecede relationships for possible consequences.']