Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zcXI2LXFycW0tOHY4Ns01Kw

High EPSS: 0.00701% (0.70762 Percentile) EPSS:
Permalink JSON

Integer Overflow or Wraparound in Microweber

Affected Packages Affected Versions Fixed Versions
packagist:microweber/microweber < 1.2.12 1.2.12
1 Dependent packages
5 Dependent repositories
13,389 Downloads total

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11

All unaffected versions

1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19

In Microweber prior to 1.2.12, a user can create an account with a password thousands of characters in length, leading to memory corruption/integer overflow. Version 1.2.2 sets maximum password length at 500 characters.

References:

Identifiers

GHSA-3qr6-qrqm-8v86

CVE-2022-1036

Risk

Severity

High

EPSS

EPSS Percentage: 0.00701

EPSS Percentile: 0.70762

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/microweber/microweber

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON