Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tMzc5LXg0eGMtMzh4Oc4AAurl

rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames

rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.

Permalink: https://github.com/advisories/GHSA-m379-x4xc-38x9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMzc5LXg0eGMtMzh4Oc4AAurl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago

CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-m379-x4xc-38x9, CVE-2022-3167
References:

Repository: https://github.com/ikus060/rdiffweb
Blast Radius: 4.2

Affected Packages

pypi:rdiffweb

Dependent packages: 0
Dependent repositories: 3
Downloads: 747 last month
Affected Version Ranges: < 2.4.1
Fixed in: 2.4.1
All affected versions: 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0
All unaffected versions: 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9