CVE-2022-3301 – rdiffweb
Package
Manager: pip
Name: rdiffweb
Vulnerable Version: >=0 <2.4.8
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00071 (percentile: 0.22303)
Details
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on Thrown Exception. This could allow an attacker to display a message of their choice on a web page. Version 2.4.8 contains a fix for this issue.
Metadata
Created: 2022-09-27T00:00:22Z
Modified: 2024-10-25T21:29:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-qq29-5vjh-vxwr/GHSA-qq29-5vjh-vxwr.json
CWE IDs: ["CWE-460"]
Alternative ID: GHSA-qq29-5vjh-vxwr
Finding: F008
Auto approve: 1