CVE-2022-2900 - OpenCVE

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Parse-url Project	Parse-url

Configuration 1 [-]

cpe:2.3:a:parse-url_project:parse-url:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13	Patch Third Party Advisory
https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-09-14T08:30:13

Updated: 2022-09-14T09:10:08

Reserved: 2022-08-19T00:00:00

Link: CVE-2022-2900

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-14T11:15:47.513

Modified: 2022-09-16T02:58:58.317

Link: CVE-2022-2900

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "ionicabizau/parse-url", "vendor": "ionicabizau", "versions": [{"lessThan": "8.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-14T09:10:08", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"}], "source": {"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd", "discovery": "EXTERNAL"}, "title": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2900", "STATE": "PUBLIC", "TITLE": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ionicabizau/parse-url", "version": {"version_data": [{"version_affected": "<", "version_value": "8.1.0"}]}}]}, "vendor_name": "ionicabizau"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"}, {"name": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13", "refsource": "MISC", "url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"}]}, "source": {"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2900", "datePublished": "2022-09-14T08:30:13", "dateReserved": "2022-08-19T00:00:00", "dateUpdated": "2022-09-14T09:10:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:parse-url_project:parse-url:*:*:*:*:*:*:*:*", "matchCriteriaId": "8093A003-0081-457A-BB8D-D56A119FAC15", "versionEndExcluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el repositorio de GitHub ionicabizau/parse-url versiones anteriores a 8.1.0"}], "id": "CVE-2022-2900", "lastModified": "2022-09-16T02:58:58.317", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-14T11:15:47.513", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@huntr.dev", "type": "Secondary"}]}