History: Nov 21, 2022 - 11:15 p.m.

CVE-2022-41945

2022-11-21 23:15:10
CWE-94
GitHub_M
web.nvd.nist.gov
Tags: cve, 2022, 41945, super-xray, vulnerability, scanner, gui launcher, rce, upgrade

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.2
Confidence: High

EPSS: 0.003
Percentile: 69.7%

super-xray is a GUI launcher for the xray vulnerability scanner. In version 0.1-beta, the URL is not filtered and is spliced directly into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.

Affected configurations

Nvd
Vulners
Node: super-xray_project super-xray, Match 0.1 beta

Vendor: super-xray_project
Product: super-xray
Version: 0.1
CPE: cpe:2.3:a:super-xray_project:super-xray:0.1:beta:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "4ra1n",
    "product": "super-xray",
    "versions": [
      {
        "version": "< 0.2-beta",
        "status": "affected"
      }
    ]
  }
]
