Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMzc5LXg0eGMtMzh4Oc4AAurl
rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.
Permalink: https://github.com/advisories/GHSA-m379-x4xc-38x9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMzc5LXg0eGMtMzh4Oc4AAurl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-m379-x4xc-38x9, CVE-2022-3167
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-3167
- https://github.com/ikus060/rdiffweb/commit/7294bb7466532762c93d711211e5958940c1b428
- https://huntr.dev/bounties/e5c2625b-34cc-4805-8223-80f2689e4e5c
- https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-268.yaml
- https://github.com/advisories/GHSA-m379-x4xc-38x9
Blast Radius: 4.2
Affected Packages
pypi:rdiffweb
Dependent packages: 0Dependent repositories: 3
Downloads: 747 last month
Affected Version Ranges: < 2.4.1
Fixed in: 2.4.1
All affected versions: 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0
All unaffected versions: 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9