GHSA-m379-x4xc-38x9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m379-x4xc-38x9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-m379-x4xc-38x9/GHSA-m379-x4xc-38x9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m379-x4xc-38x9
- Aliases
- Published
- 2022-09-09T00:00:56Z
- Modified
- 2024-10-25T21:36:59.775835Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
- Details
-
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.
- Database specific
{ "nvd_published_at": "2022-09-08T19:15:00Z", "cwe_ids": [ "CWE-1021" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-09-16T17:08:07Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-3167
- https://github.com/ikus060/rdiffweb/commit/7294bb7466532762c93d711211e5958940c1b428
- https://github.com/advisories/GHSA-m379-x4xc-38x9
- https://github.com/ikus060/rdiffweb
- https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-268.yaml
- https://huntr.dev/bounties/e5c2625b-34cc-4805-8223-80f2689e4e5c
Affected packages
PyPI / rdiffweb
Package
- Name
- rdiffweb
- View open source insights on deps.dev
- Purl
- pkg:pypi/rdiffweb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.1
Affected versions
0.*
0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
1.*
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1
2.*
2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0