CVE-2022-21211

Exploit

EPSS 0.43%
Veröffentlicht 10.06.2022 20:15:07
Zuletzt bearbeitet 21.11.2024 06:44:07
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Posix Project ≫ Posix SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.619

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://snyk.io/vuln/SNYK-JS-POSIX-2400719

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-21211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21211

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-21211