GHSA-hggv-mcp4-vxc5

Source

https://github.com/advisories/GHSA-hggv-mcp4-vxc5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-hggv-mcp4-vxc5/GHSA-hggv-mcp4-vxc5.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-hggv-mcp4-vxc5

Aliases

Published

2022-03-12T00:00:37Z

Modified

2024-09-20T21:25:03.040318Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Improper Authentication in FreeTAKServer

Details

FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. There is currently no known workaround. This issue was fixed in version 1.9.8.5.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2022-03-11T00:15:00Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ],
    "github_reviewed_at": "2022-03-14T23:17:58Z"
}

References

Affected packages

PyPI / freetakserver

Package

Name: freetakserver; View open source insights on deps.dev
Purl: pkg:pypi/freetakserver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.8.5

Affected versions

0.*

0.0.1.5

0.1.0

0.1.1

0.1.1.0.1

0.1.1.0.2

0.1.1.0.3

0.1.2

0.1.3

0.1.3.9.4

0.1.4

0.1.5

0.1.5.1

0.1.5.2

0.1.5.3

0.1.5.4

0.1.5.5

0.1.5.5.1

0.1.5.5.2

0.1.5.6

0.1.5.7

0.1.5.8

0.1.6

0.1.7.3

0.1.8

0.1.8.1

0.1.9

0.1.9.1

0.1.9.1.5

0.1.9.2

0.1.9.2.5

0.1.9.5.6

0.1.9.8.5

0.1.9.9.1

0.1.9.9.5.5

0.2a1

0.2.0.11a0

0.2.0.13

0.2.0.17b0

0.2.1a1

0.2.1.0

0.2.1.1

0.2.1.2

0.8.13

0.8.19

0.8.19.6

0.8.19.6.1

0.8.19.6.2

0.8.19.6.3

0.8.20

0.8.20.1

0.8.21

0.8.22

0.8.23

0.8.50

0.8.50.1

0.8.75

0.8.75.1

0.8.76

0.9.9

0.9.9.1

0.9.9.2

0.111

0.112

1.*

1.0.3

1.1

1.1.1

1.1.2

1.2

1.2.0.1

1.2.0.2

1.2.5

1.3

1.3.0.5

1.3.0.6

1.5.10

1.5.10.1

1.5.10.2

1.5.12

1.7.1

1.7.5

1.8

1.8.1

1.9

1.9.1

1.9.1.5

1.9.5

1.9.5.1

1.9.6

1.9.6.1

1.9.7

1.9.8

Database specific

{
    "last_known_affected_version_range": "<= 1.9.8"
}