Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00NzkzLTh3d2gtanh4cs4AArMr

Business Logic Errors in Para

Para prior to version 1.46.0 is vulnerable to business logic errors. A user can create more than one app, even after they reach the app limit.

Permalink: https://github.com/advisories/GHSA-4793-8wwh-jxxr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NzkzLTh3d2gtanh4cs4AArMr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-4793-8wwh-jxxr, CVE-2022-1848
References: Repository: https://github.com/erudika/para
Blast Radius: 5.9

Affected Packages

maven:com.erudika:para-core
Dependent packages: 9
Dependent repositories: 13
Downloads:
Affected Version Ranges: < 1.46.0
Fixed in: 1.46.0
All affected versions: 1.14.1, 1.16.1, 1.16.2, 1.17.1, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.18.6, 1.18.7, 1.18.8, 1.18.9, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.22.0, 1.23.0, 1.23.1, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.26.0, 1.26.1, 1.26.2, 1.27.0, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.5, 1.29.0, 1.29.1, 1.29.2, 1.30.0, 1.30.1, 1.30.2, 1.31.0, 1.31.1, 1.31.2, 1.31.3, 1.32.0, 1.33.0, 1.33.1, 1.34.0, 1.34.1, 1.34.2, 1.34.3, 1.35.0, 1.36.0, 1.36.1, 1.37.0, 1.37.1, 1.38.0, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.39.0, 1.39.1, 1.40.0, 1.41.0, 1.41.1, 1.41.2, 1.41.3, 1.42.0, 1.42.1, 1.42.2, 1.43.0, 1.43.1, 1.43.2, 1.43.3, 1.43.4, 1.44.0, 1.45.0, 1.45.1, 1.45.2, 1.45.3, 1.45.4, 1.45.5, 1.45.6, 1.45.7, 1.45.8, 1.45.9, 1.45.10
All unaffected versions: 1.46.0, 1.46.1, 1.46.2, 1.46.3, 1.47.0, 1.47.1, 1.47.2, 1.48.0, 1.48.1, 1.48.2, 1.49.0, 1.49.1, 1.49.2, 1.49.3, 1.49.4, 1.49.5, 1.50.0