Fluid Attacks Database

Description

rdiffweb vulnerable to Improper Cleanup on Thrown Exception rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on Thrown Exception. This could allow an attacker to display a message of their choice onto a web page. Version 2.4.8 contains a fix for this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.8	2.4.8

Aliases

1. CVE-2022-33012. NVD-2022-33013. OSV-2022-33014. GCVE-2022-3301

References

1. https://github.com/ikus060/rdiffweb/commit/5ac38b2a75becbab9f948bd5e37ecbcd9f0b362e2. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-295.yaml3. https://huntr.dev/bounties/d3bf1e5d-055a-44b8-8d60-54ab966ed63a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.