CVE-2022-41958

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41958

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41958.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41958

Aliases

GHSA-39pv-4vmj-c4fr

Published

2022-11-25T00:00:00Z

Modified

2025-11-28T05:01:41.905518Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Deserialization Vulnerability by yaml config input in super-xray

Details

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41958.json"
}

References

Affected packages

Git / github.com/4ra1n/super-xray

Affected ranges

Type: GIT
Repo: https://github.com/4ra1n/super-xray
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7a1dcf51f741cb65d7a542bf3d31e562287a42bd

Affected versions

0.*

0.1-beta

0.2-beta

0.3-beta

0.4-beta

0.5-beta

0.6-beta