Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zYzV4LTRodngtcXJycs4AAwnx
Graphite Web Cross-site Scripting vulnerability
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.
Permalink: https://github.com/advisories/GHSA-3c5x-4hvx-qrrrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zYzV4LTRodngtcXJycs4AAwnx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-3c5x-4hvx-qrrr, CVE-2022-4728
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-4728
- https://github.com/graphite-project/graphite-web/issues/2744
- https://github.com/graphite-project/graphite-web/pull/2785
- https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
- https://vuldb.com/?id.216742
- https://github.com/advisories/GHSA-3c5x-4hvx-qrrr
Blast Radius: 8.7
Affected Packages
pypi:graphite-web
Dependent packages: 0Dependent repositories: 40
Downloads: 1,483 last month
Affected Version Ranges: <= 1.1.10
No known fixed version
All affected versions: 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.10