Lucene search

GitHub_MCVE-2022-31033

HistoryJun 09, 2022 - 8:15 p.m.

CVE-2022-31033

2022-06-0920:15:08

CWE-200

GitHub_M

web.nvd.nist.gov

mechanize

library

automation

security

vulnerability

cve-2022-31033

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.2%

JSON

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.

Affected configurations

Nvd

Vulners

Node

mechanize_projectmechanizeRange<2.8.5ruby

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

VendorProductVersionCPE
mechanize_projectmechanize*cpe:2.3:a:mechanize_project:mechanize:*:*:*:*:*:ruby:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mechanize_project	mechanize	*	cpe:2.3:a:mechanize_project:mechanize::::::ruby::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*

CNA Affected

[
  {
    "product": "mechanize",
    "vendor": "sparklemotion",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.8.5"
      }
    ]
  }
]