Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14Mmp4LXczd20tOXAzcM4AAwI2

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Nako3edit is the editor component of Nadeshiko 3, a programming language based on Japanese. Improper checking or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to pass an invalid value to decodeURIComponent in nako3edit, which may cause the server to crash.

Permalink: https://github.com/advisories/GHSA-x2jx-w3wm-9p3p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mmp4LXczd20tOXAzcM4AAwI2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Identifiers: GHSA-x2jx-w3wm-9p3p, CVE-2022-41777
References: Repository: https://github.com/kujirahand/nadesiko3
Blast Radius: 5.3

Affected Packages

npm:nadesiko3
Dependent packages: 11
Dependent repositories: 10
Downloads: 2,262 last month
Affected Version Ranges: < 3.3.75
Fixed in: 3.3.75
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.7, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 3.0.27, 3.0.28, 3.0.29, 3.0.30, 3.0.31, 3.0.32, 3.0.33, 3.0.35, 3.0.37, 3.0.38, 3.0.39, 3.0.40, 3.0.41, 3.0.42, 3.0.44, 3.0.45, 3.0.47, 3.0.48, 3.0.51, 3.0.52, 3.0.53, 3.0.54, 3.0.55, 3.0.57, 3.0.59, 3.0.60, 3.0.62, 3.0.63, 3.0.64, 3.0.65, 3.0.66, 3.0.67, 3.0.68, 3.0.69, 3.0.70, 3.0.71, 3.0.72, 3.0.73, 3.0.74, 3.0.75, 3.1.0, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.1.21, 3.1.22, 3.1.23, 3.1.24, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.20, 3.2.21, 3.2.22, 3.2.23, 3.2.24, 3.2.25, 3.2.27, 3.2.28, 3.2.29, 3.2.30, 3.2.31, 3.2.32, 3.2.33, 3.2.34, 3.2.35, 3.2.36, 3.2.37, 3.2.38, 3.2.39, 3.2.40, 3.2.41, 3.2.42, 3.2.43, 3.2.44, 3.2.45, 3.2.46, 3.2.47, 3.2.48, 3.2.50, 3.2.51, 3.2.52, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.10, 3.3.11, 3.3.12, 3.3.13, 3.3.14, 3.3.15, 3.3.16, 3.3.17, 3.3.18, 3.3.22, 3.3.23, 3.3.24, 3.3.25, 3.3.26, 3.3.27, 3.3.28, 3.3.31, 3.3.32, 3.3.35, 3.3.45, 3.3.47, 3.3.48, 3.3.49, 3.3.50, 3.3.51, 3.3.52, 3.3.53, 3.3.54, 3.3.55, 3.3.56, 3.3.57, 3.3.58, 3.3.59, 3.3.60, 3.3.61, 3.3.62, 3.3.63, 3.3.64, 3.3.65, 3.3.66, 3.3.67, 3.3.68, 3.3.69, 3.3.70, 3.3.71, 3.3.72, 3.3.73, 3.3.74
All unaffected versions: 3.3.75, 3.3.76, 3.3.77, 3.3.78, 3.3.79, 3.3.80, 3.3.81, 3.3.82, 3.3.83, 3.4.1, 3.4.3, 3.4.4, 3.4.5, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.18, 3.4.19, 3.4.20, 3.4.21, 3.4.22, 3.4.23, 3.4.24, 3.4.25, 3.4.26, 3.4.27, 3.5.0, 3.5.1, 3.5.2, 3.5.3