CVE-2022-1848

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-1848
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1848.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1848
Aliases
Published
2022-05-24T10:40:09Z
Modified
2026-04-11T18:44:52.788675Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Business Logic Errors in erudika/para
Details

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.

Database specific 
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-840"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1848.json"
}
References

Affected packages

Git / github.com/erudika/para

Affected ranges

Type
GIT
Repo
https://github.com/erudika/para
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fa677c629842df60099daa9c23bd802bc41b48d1
Type
GIT
Repo
https://github.com/erudika/para
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fa677c629842df60099daa9c23bd802bc41b48d1

Affected versions

v1.*
v1.1.2
v1.1.3
v1.10
v1.11
v1.12
v1.13
v1.14
v1.14.1
v1.15
v1.16
v1.16.1
v1.16.2
v1.17
v1.17.1
v1.18.0
v1.18.1
v1.18.2
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.19.0
v1.2.1
v1.20.0
v1.21.0
v1.21.1
v1.22.0
v1.23.0
v1.23.1
v1.24.0
v1.24.1
v1.24.2
v1.24.3
v1.24.4
v1.24.5
v1.25.0
v1.25.1
v1.25.2
v1.25.3
v1.25.4
v1.25.5
v1.26.0
v1.26.1
v1.26.2
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.28.3
v1.28.4
v1.28.5
v1.29.0
v1.29.1
v1.29.2
v1.3.0
v1.3.1
v1.30.0
v1.30.1
v1.30.2
v1.31.0
v1.31.1
v1.31.2
v1.31.3
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.35.0
v1.36.0
v1.36.1
v1.37.0
v1.37.1
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.1
v1.4.0
v1.40.0
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.42.0
v1.42.1
v1.42.2
v1.43.0
v1.43.1
v1.43.2
v1.43.3
v1.43.4
v1.44.0
v1.45.0
v1.45.1
v1.45.10
v1.45.2
v1.45.3
v1.45.4
v1.45.5
v1.45.6
v1.45.7
v1.45.8
v1.45.9
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.7.0
v1.8.0
v1.9.0
v1.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1848.json"
vanir_signatures_modified 
"2026-04-11T18:44:52Z"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.45.11"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/erudika/para/commit/fa677c629842df60099daa9c23bd802bc41b48d1",
        "digest": {
            "function_hash": "104097450789410759215311742972356402263",
            "length": 523.0
        },
        "id": "CVE-2022-1848-0ba1e8ab",
        "deprecated": false,
        "target": {
            "file": "para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java",
            "function": "validateObject"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/erudika/para/commit/fa677c629842df60099daa9c23bd802bc41b48d1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311378685079816520489565016757132577867",
                "146133762586761138727133010066169637070",
                "150818638856544141626324715868308298913",
                "185412393682204482210176899119164310826",
                "284088084138706559347238276198915032557",
                "126674877010635611710120584782942853350",
                "286587706415541673033420791023655721097",
                "95476377614443398414552014374422610256"
            ]
        },
        "id": "CVE-2022-1848-4dc8df21",
        "deprecated": false,
        "target": {
            "file": "para-core/src/main/java/com/erudika/para/core/User.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/erudika/para/commit/fa677c629842df60099daa9c23bd802bc41b48d1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321772157625739895929262476370335235480",
                "167151266701044005873402679140168350066",
                "188017631013590310690797836936472621776",
                "284103243146965761101336727166021747845",
                "20151323287498959222818554364839443950",
                "268202482980693877960747585649226753266",
                "316779102737624140061468806064337828855",
                "266538547768462888915363208951570700006",
                "313357857511725076698940578429723180177",
                "114026874128955063382824541657245651411",
                "164430667072261906437476705954377031962"
            ]
        },
        "id": "CVE-2022-1848-b2646e0c",
        "deprecated": false,
        "target": {
            "file": "para-server/src/test/java/com/erudika/para/core/utils/ValidationUtilsTest.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/erudika/para/commit/fa677c629842df60099daa9c23bd802bc41b48d1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "122304711705236418931708104685008914009",
                "300844623303337392290059046135367758842",
                "223101289176231625997317000903747410633",
                "221365746482708423881501849468398942161",
                "148427500795054687186520107315778418674",
                "280659154256057639077537140232248917480",
                "224191641849674412261567922226021864119",
                "252258804199885480409843262755794518956"
            ]
        },
        "id": "CVE-2022-1848-cde9f2b0",
        "deprecated": false,
        "target": {
            "file": "para-core/src/main/java/com/erudika/para/core/validation/ValidationUtils.java"
        }
    }
]