Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ZnFtLWptNTItZjl2Y84AAvGZ
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.
Permalink: https://github.com/advisories/GHSA-7fqm-jm52-f9vc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZnFtLWptNTItZjl2Y84AAvGZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-7fqm-jm52-f9vc, CVE-2022-3292
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-3292
- https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
- https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d
- https://github.com/advisories/GHSA-7fqm-jm52-f9vc
Blast Radius: 0.0
Affected Packages
pypi:rdiffweb
Dependent packages: 0
Dependent repositories: 3
Downloads: 747 last month
Affected Version Ranges: < 2.4.9
Fixed in: 2.4.9
All affected versions: 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8
All unaffected versions: 2.4.9, 2.4.10, 2.4.11, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9