GHSA-83pm-7v48-5jp4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-83pm-7v48-5jp4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-83pm-7v48-5jp4/GHSA-83pm-7v48-5jp4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-83pm-7v48-5jp4
- Aliases
- Published
- 2022-12-27T15:30:19Z
- Modified
- 2024-10-25T21:47:24.682827Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- rdiffweb vulnerable to Special Element Injection
- Details
-
In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites.
- Database specific
{ "nvd_published_at": "2022-12-27T15:15:00Z", "github_reviewed_at": "2022-12-30T18:01:57Z", "severity": "MODERATE", "cwe_ids": [ "CWE-75" ], "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-4721
- https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d
- https://github.com/ikus060/rdiffweb
- https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43007.yaml
- https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720
Affected packages
PyPI / rdiffweb
Package
- Name
- rdiffweb
- View open source insights on deps.dev
- Purl
- pkg:pypi/rdiffweb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.5
Affected versions
0.*
0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
1.*
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1
2.*
2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11a1
2.4.11
2.5.0a7
2.5.0a8
2.5.0a9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4b1
2.5.4