CVE-2022-31149
- Source
- https://cve.org/CVERecord?id=CVE-2022-31149
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31149.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-31149
- Aliases
-
- GHSA-v9fg-6g9j-h4x4
- Published
- 2022-09-07T13:50:12Z
- Modified
- 2026-02-15T03:08:38.095328Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ActivityWatch vulnerable to DNS rebinding attack
- Details
-
ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31149.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-290" ] }- References
-
- https://gist.github.com/zozs/fdebbce75fc8538c15851b46db944a16
- https://github.com/ActivityWatch/activitywatch/discussions/778
- https://github.com/ActivityWatch/activitywatch/security/advisories/GHSA-v9fg-6g9j-h4x4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31149.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-31149
Affected packages
Git / github.com/activitywatch/activitywatch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/activitywatch/activitywatch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1
v0.1.1
v0.10.0
v0.11.0
v0.11.0b1
v0.12.0b1
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.0a1
v0.4.0a2
v0.4.0a3
v0.4.0a4
v0.4.0a5
v0.5.0
v0.5.1
v0.6.0-a1
v0.6.0-a2
v0.6.0-a3
v0.6.0a10
v0.6.0a11
v0.6.0a12
v0.6.0a13
v0.6.0a4
v0.6.0a5
v0.6.0a6
v0.6.0a7
v0.6.0a8
v0.6.0a9
v0.7.0a1
v0.7.0a2
v0.7.0a3
v0.7.0a4
v0.7.0a5
v0.7.0a6
v0.7.0a7
v0.7.0b1
v0.7.0b2
v0.7.0b3
v0.7.0b4
v0.7.1
v0.8.0b1
v0.8.0b2
v0.8.0b3
v0.8.0b4
v0.8.0b5
v0.8.0b6
v0.8.0b7
v0.8.0b8
v0.8.0b9
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2