Lucene search

[email protected]CVE-2022-40160

HistoryOct 06, 2022 - 6:16 p.m.

CVE-2022-40160

2022-10-0618:16:50

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

cve

2022

40160

security context

dispute

cna rules

oss-fuzz

jxpath

google

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.3%

JSON

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.

Affected configurations

Vulners

NVD

Node

apachecommons_jxpathRange≤1.3

CPENameOperatorVersion
apache:commons_jxpathapache commons jxpathle1.3

CPE	Name	Operator	Version
apache:commons_jxpath	apache commons jxpath	le	1.3

CNA Affected

[
  {
    "product": "jxpath",
    "vendor": "jxpath",
    "versions": [
      {
        "lessThanOrEqual": "1.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]