GitHub Advisory Database: GHSA-X2JX-W3WM-9P3P
Dec 05, 2022 - 6:30 a.m.

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

2022-12-05 06:30:22
CWE-703
CWE-755
GitHub Advisory Database
github.com
nadesiko 3
nako3edit
remote attacker
invalid value
decodeuricomponent
server crash
vulnerability

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.006
Percentile: 78.9%

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
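The failure class described above comes from decodeURIComponent throwing a URIError on malformed percent-encoding, which ends a Node.js process when nothing catches it. The following is an added example of handling that condition and answering with a 400 instead; it is not nako3edit's code, and the function names, the query format and the `file` parameter are assumptions made for illustration.

```javascript
// Added example: not nako3edit's code. Function names, the query format
// and the "file" parameter are hypothetical.

// decodeURIComponent throws URIError on malformed percent-encoding.
// Return a tagged result so callers cannot forget the failure case.
function safeDecode(component) {
  try {
    return { ok: true, value: decodeURIComponent(component) };
  } catch (err) {
    if (err instanceof URIError) return { ok: false, value: null };
    throw err; // anything else is a real bug; do not swallow it
  }
}

// Parse "a=1&b=2" into an object. If any key or value fails to decode,
// reject the whole query so the handler can answer 400.
function parseQuery(raw) {
  const params = Object.create(null); // no inherited keys to collide with
  for (const pair of raw.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const k = safeDecode(eq < 0 ? pair : pair.slice(0, eq));
    const v = safeDecode(eq < 0 ? '' : pair.slice(eq + 1).replace(/\+/g, ' '));
    if (!k.ok || !v.ok) return { status: 400, params: null };
    params[k.value] = v.value;
  }
  return { status: 200, params };
}

// Hypothetical handler body: turn the parse result into a response
// without letting a decode error propagate out of the request path.
function handle(rawQuery) {
  const q = parseQuery(rawQuery);
  if (q.status !== 200) return { status: 400, body: 'bad request' };
  return { status: 200, body: `file=${q.params.file ?? ''}` };
}
```
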

Affected configurations

Vulners
Node: kujirahand nadesiko3, Range: <3.3.75

Vendor: kujirahand
Product: nadesiko3
Version: *
CPE: cpe:2.3:a:kujirahand:nadesiko3:*:*:*:*:*:*:*:*
