Fluid Attacks Database

Description

rdiffweb vulnerable to Special Element Injection In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.5.5	2.5.5

Aliases

1. CVE-2022-47212. NVD-2022-47213. OSV-2022-47214. GCVE-2022-4721

References

1. https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d2. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43007.yaml3. https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.