admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#8486

Browse Source 
Auto-merge PR#8486
This commit is contained in:
CVE Team 2023-01-13 15:20:12 -05:00 committed by GitHub
commit 7a1cab2a0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2023/22xxx/CVE-2023-22494.json
View File

@ -1,105 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-22494",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
"ID": "CVE-2023-22494",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "a12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "curveball",
"product": {
"product_data": [
{
"product_name": "a12n-server",
"version": {
"version_data": [
{
"version_value": ">= 0.20.0, < 0.23.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ghostccamm.com/blog/knex_sqli/",
"refsource": "MISC",
"name": "https://www.ghostccamm.com/blog/knex_sqli/"
},
{
"url": "https://github.com/knex/knex/issues/1227",
"refsource": "MISC",
"name": "https://github.com/knex/knex/issues/1227"
},
{
"url": "https://github.com/curveball/a12n-server/security/advisories/GHSA-crhg-xgrg-vvcc",
"refsource": "MISC",
"name": "https://github.com/curveball/a12n-server/security/advisories/GHSA-crhg-xgrg-vvcc"
},
{
"url": "https://github.com/curveball/a12n-server/commit/f4acd7549043e6e2b8917b77a50dce0756a922cc",
"refsource": "MISC",
"name": "https://github.com/curveball/a12n-server/commit/f4acd7549043e6e2b8917b77a50dce0756a922cc"
},
{
"url": "https://github.com/curveball/a12n-server/releases/tag/v0.23.0",
"refsource": "MISC",
"name": "https://github.com/curveball/a12n-server/releases/tag/v0.23.0"
}
]
},
"source": {
"advisory": "GHSA-crhg-xgrg-vvcc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-20018. Reason: This candidate is a reservation duplicate of CVE-2016-20018. Notes: All CVE users should reference CVE-2016-20018 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}