9.8
CVE-2023-0299
- EPSS 0.91%
- Veröffentlicht 14.01.2023 15:15:08
- Zuletzt bearbeitet 21.11.2024 07:36:55
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginImproper Input Validation in publify/publify
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Publify Project ≫ Publify Version < 9.2.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.552 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@huntr.dev | 8.4 | 1.7 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1
https://huntr.dev/bounties/0049774b-1857-46dc-a834-f1fb15138c53