GHSA-qq29-5vjh-vxwr

Suggest an improvement
Source
https://github.com/advisories/GHSA-qq29-5vjh-vxwr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-qq29-5vjh-vxwr/GHSA-qq29-5vjh-vxwr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qq29-5vjh-vxwr
Aliases
Published
2022-09-27T00:00:22Z
Modified
2024-10-25T21:38:36.878479Z
Severity
  • 2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Details

rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on Thrown Exception. This could allow an attacker to display a message of their choice onto a web page. Version 2.4.8 contains a fix for this issue.

Database specific
{
    "nvd_published_at": "2022-09-26T11:15:00Z",
    "cwe_ids": [
        "CWE-460"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T04:44:55Z"
}
References

Affected packages

PyPI / rdiffweb

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.8

Affected versions

0.*

0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9

1.*

1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1

2.*

2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7