CVE-2022-2714 – francoisjacquet/rosariosis

Package

Manager: composer
Name: francoisjacquet/rosariosis
Vulnerable Version: >=0 <10.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00113 pctl0.30584

Details

RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency RosarioSIS Student Information System prior to version 10.1 is vulnerable to Improper Handling of Length Parameter Inconsistency.

Metadata

Created: 2022-09-07T00:01:54Z
Modified: 2022-09-15T03:20:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-vh4m-mw8w-g4w8/GHSA-vh4m-mw8w-g4w8.json
CWE IDs: ["CWE-130"]
Alternative ID: GHSA-vh4m-mw8w-g4w8
Finding: F052
Auto approve: 1