CVE-2022-36537
- Source
- https://cve.org/CVERecord?id=CVE-2022-36537
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36537.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-36537
- Aliases
- Published
- 2022-08-26T20:15:08.303Z
- Modified
- 2026-02-11T13:27:39.472275Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36537
- https://tracker.zkoss.org/browse/ZK-5150
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/
- https://tracker.zkoss.org/browse/ZK-5150
- https://tracker.zkoss.org/browse/ZK-5150
Affected packages
Git / github.com/zkoss/zk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zkoss/zk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v8.*
v8.6.4
v9.*
v9.0.0
v9.0.0.1
v9.0.1
v9.0.1.1
v9.0.1.2
v9.1.0
v9.5.0
v9.5.0.1
v9.5.0.2
v9.5.1
v9.5.1.1
v9.5.1.2
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"117576616078778999642976925321291918973",
"333628973242060767816104327271779652870"
]
},
"id": "CVE-2022-36537-291c1c74",
"source": "https://github.com/zkoss/zk/commit/4271cf0b0a9a1686fafc43af169bc3768f57cba0",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"65590753180256321531435750335816438997",
"149143847992644947948913359545227319018"
]
},
"id": "CVE-2022-36537-3a076a92",
"source": "https://github.com/zkoss/zk/commit/fa2007a98b562012b42734def9373f1d5e456897",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"7365089467909330125349943113272355522",
"47332037741835786028406970016400998198"
]
},
"id": "CVE-2022-36537-8f60720d",
"source": "https://github.com/zkoss/zk/commit/9b0d586e384f0962798ece209dcf30ccd9cc35f3",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"137711726433433016033059931372245228343",
"202631413215551158619460968328017010123"
]
},
"id": "CVE-2022-36537-a081c810",
"source": "https://github.com/zkoss/zk/commit/901c4a647002475d126fda878f4b3bbb2290fba9",
"signature_type": "Line"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36537.json"