GHSA-hhxh-qphc-v423

Source

https://github.com/advisories/GHSA-hhxh-qphc-v423

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-hhxh-qphc-v423/GHSA-hhxh-qphc-v423.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-hhxh-qphc-v423

Aliases

CVE-2022-23464

Published

2022-09-25T00:00:15Z

Modified

2024-02-22T05:31:30.026303Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Details

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2022-09-24T05:15:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-28T03:30:26Z"
}

References

Affected packages

Maven / com.nepxion:discovery

Package

Name: com.nepxion:discovery; View open source insights on deps.dev
Purl: pkg:maven/com.nepxion/discovery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.16.2

Affected versions

Edgware.*

Edgware.1.0.0

Finchley.*

Finchley.1.0.0

1.*

1.0.0

1.0.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

3.*

3.0.0

3.0.1

3.1.0

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.10

3.3.11

3.3.12

3.3.13

3.3.14

3.3.15

3.3.16

3.3.17

3.3.18

3.3.19

3.3.20

3.3.21

3.3.22

3.3.23

3.3.24

3.3.25

3.3.26

3.3.27

3.3.28

3.3.29

3.3.30

3.3.31

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.7

3.5.8

3.5.9

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

3.6.8

3.6.9

3.6.10

3.6.11

3.6.12

3.6.13

3.6.14

3.6.15

3.6.16

3.6.17

3.6.18

3.6.19

3.6.20

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.7.8

3.7.9

3.7.10

3.7.11

3.7.12

3.8.0-RC1

3.8.0

3.8.1

3.8.2

3.8.2.1

3.8.2.2

3.8.2.3

3.8.2.4

3.8.2.5

3.8.2.6

3.8.3

3.8.4

3.8.4.1

3.8.5

3.8.5.1

3.8.5.2

3.8.6

3.8.6.1

3.8.6.2

3.8.7

3.8.8

3.8.9

3.8.10

3.8.11

3.8.12

3.8.13

3.9.0

3.9.1

3.9.2

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.10.6

3.10.7

3.10.8

3.11.0

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.6

3.11.7

3.11.8

3.11.9

3.12.0

3.12.1

3.12.2

3.13.0

3.13.1

3.13.2

3.13.3

3.13.4

3.13.5

3.13.6

3.13.7

3.13.8

3.13.9

3.13.10

3.13.11

3.13.12

3.13.13

3.14.0

3.15.0

3.16.0

3.16.1

3.16.2

3.16.3

3.16.4

3.16.5

3.16.6

3.16.7

3.17.0

3.18.0

3.19.0

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.22.0

3.23.0

3.24.0

3.25.0

3.26.0

3.27.0

3.28.0

3.28.1

3.29.0

3.30.0

3.31.0

3.32.0

3.33.0

3.33.1

3.33.2

3.34.0

3.35.0

3.36.0

3.37.0

3.38.0

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

4.3.20

4.7.0

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.7.8

4.7.9

4.7.10

4.7.11

4.7.12

4.8.0-RC1

4.8.0

4.8.1

4.8.2

4.8.2.1

4.8.2.2

4.8.2.3

4.8.2.4

4.8.2.5

4.8.2.6

4.8.3

4.8.4

4.8.4.1

4.8.5

4.8.5.1

4.8.5.2

4.8.6

4.8.6.1

4.8.6.2

4.8.7

4.8.8

4.8.9

4.8.10

4.8.11

4.8.12

4.8.13

4.9.0

4.9.1

4.9.2

4.10.0

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.12.0

4.12.1

4.12.2

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.13.10

4.13.11

4.13.12

4.13.13

4.14.0

4.15.0

5.*

5.0.0

5.0.0.1

5.0.0.2

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.1.0

5.1.1

5.1.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.4.0

5.4.1

5.4.2

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.5.10

5.5.11

5.5.12

5.5.13

5.6.0

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.1.0

6.2.0

6.3.0

6.3.1

6.3.2

6.3.3

6.5.0

6.6.0

6.7.0

6.8.0

6.9.0

6.10.0

6.11.0

6.12.0

6.12.1

6.12.2

6.12.3

6.12.4

6.12.5

6.12.6

6.12.7

6.12.8

6.12.9

6.12.10

6.12.11

6.13.0

6.13.1

6.14.0

6.15.0

6.16.0

6.16.1

6.16.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-hhxh-qphc-v423/GHSA-hhxh-qphc-v423.json"