Lucene search

GitHub Advisory DatabaseGHSA-4R2F-6FM9-2QGH

HistoryJan 10, 2023 - 6:30 a.m.

Ecto lacks a protection mechanism

2023-01-1006:30:25

GitHub Advisory Database

github.com

ecto 2.2.0

protection mechanism

is_nil

raise

interaction

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.3%

JSON

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

Affected configurations

Vulners

Node

ecto_projectectoMatch2.2.0

VendorProductVersionCPE
ecto_projectecto2.2.0cpe:2.3:a:ecto_project:ecto:2.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ecto_project	ecto	2.2.0	cpe:2.3:a:ecto_project:ecto:2.2.0:::::::*

References

github.com/advisories/GHSA-2xxx-fhc8-9qvq

github.com/advisories/GHSA-4r2f-6fm9-2qgh

github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250

github.com/elixir-ecto/ecto/pull/2125

groups.google.com/forum/#!topic/elixir-ecto/0m4NPfg_MMU

nvd.nist.gov/vuln/detail/CVE-2017-20166

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.3%

JSON

Related for GHSA-4R2F-6FM9-2QGH