Fluid Attacks Database

Description

rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.1	2.4.1

Aliases

1. CVE-2022-31672. NVD-2022-31673. OSV-2022-31674. GHSA-m379-x4xc-38x95. GCVE-2022-3167

References

1. https://github.com/ikus060/rdiffweb/commit/7294bb7466532762c93d711211e5958940c1b4282. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-268.yaml3. https://huntr.dev/bounties/e5c2625b-34cc-4805-8223-80f2689e4e5c

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.