Add CVE-2022-23623 for GHSA-8xxm-h73r-ghfj

2025-07-29 05:56:59 +00:00 · 2022-02-07 22:13:33 +00:00 · 2022-02-07 22:13:33 +00:00 · 6cff417b71
commit 6cff417b71
parent ed09c6db82
1 changed files with 76 additions and 6 deletions
--- a/2022/23xxx/CVE-2022-23623.json
+++ b/2022/23xxx/CVE-2022-23623.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23623",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Validation bypass in frourio"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "frourio",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 0.26.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "frouriojs"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.1,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20: Improper Input Validation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/frouriojs/frourio/security/advisories/GHSA-8xxm-h73r-ghfj",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/frouriojs/frourio/security/advisories/GHSA-8xxm-h73r-ghfj"
+            },
+            {
+                "name": "https://github.com/frouriojs/frourio/commit/7c19ac5363305b81b1c6b5232620228763d427af",
+                "refsource": "MISC",
+                "url": "https://github.com/frouriojs/frourio/commit/7c19ac5363305b81b1c6b5232620228763d427af"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-8xxm-h73r-ghfj",
+        "discovery": "UNKNOWN"
    }
 }