Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02cmp2LXh4Z3ItdjU3eM4AAvt6

Froxlor vulnerable to code injection

Code Injection in GitHub repository froxlor/froxlor prior to version 0.10.38.2. There are currently no known workarounds, please upgrade to version 0.10.38.2.

Permalink: https://github.com/advisories/GHSA-6rjv-xxgr-v57x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cmp2LXh4Z3ItdjU3eM4AAvt6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 8 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-6rjv-xxgr-v57x, CVE-2022-3869
References:

https://nvd.nist.gov/vuln/detail/CVE-2022-3869
https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
https://github.com/advisories/GHSA-6rjv-xxgr-v57x

Affected Packages

packagist:froxlor/froxlor

Versions: < 0.10.38.2
Fixed in: 0.10.38.2