CVE-2023-49958

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49958

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49958.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-49958

Published

2023-12-07T13:15:07.833Z

Modified

2025-11-15T07:02:25.087748Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.

References

https://github.com/dallmann-consulting/OCPP.Core/issues/36

Affected packages

Git / github.com/dallmann-consulting/ocpp.core

Affected ranges

Type: GIT
Repo: https://github.com/dallmann-consulting/ocpp.core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7d1d59090aa895043b28f0c5b14212c3e69a39cf

Affected versions

0.*

0.1

V1.*

V1.1.0

V1.2.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49958.json"