CVE-2022-36537
- Source
- https://cve.org/CVERecord?id=CVE-2022-36537
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36537.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-36537
- Aliases
- Published
- 2022-08-26T20:15:08.303Z
- Modified
- 2026-03-14T11:49:47.787281Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
- References
Affected packages
Git / github.com/zkoss/zk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zkoss/zk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "8.6.4.2" }, { "introduced": "9.0.0" }, { "fixed": "9.0.1.3" }, { "introduced": "9.5.0" }, { "fixed": "9.5.1.3" }, { "introduced": "9.6.0" }, { "fixed": "9.6.2" } ] }
Affected versions
v8.*
v8.6.4
v9.*
v9.0.0
v9.0.0.1
v9.0.1
v9.0.1.1
v9.0.1.2
v9.1.0
v9.5.0
v9.5.0.1
v9.5.0.2
v9.5.1
v9.5.1.1
v9.5.1.2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36537.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"117576616078778999642976925321291918973",
"333628973242060767816104327271779652870"
],
"threshold": 0.9
},
"source": "https://github.com/zkoss/zk/commit/4271cf0b0a9a1686fafc43af169bc3768f57cba0",
"id": "CVE-2022-36537-291c1c74",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"65590753180256321531435750335816438997",
"149143847992644947948913359545227319018"
],
"threshold": 0.9
},
"source": "https://github.com/zkoss/zk/commit/fa2007a98b562012b42734def9373f1d5e456897",
"id": "CVE-2022-36537-3a076a92",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"7365089467909330125349943113272355522",
"47332037741835786028406970016400998198"
],
"threshold": 0.9
},
"source": "https://github.com/zkoss/zk/commit/9b0d586e384f0962798ece209dcf30ccd9cc35f3",
"id": "CVE-2022-36537-8f60720d",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"137711726433433016033059931372245228343",
"202631413215551158619460968328017010123"
],
"threshold": 0.9
},
"source": "https://github.com/zkoss/zk/commit/901c4a647002475d126fda878f4b3bbb2290fba9",
"id": "CVE-2022-36537-a081c810",
"target": {
"file": "zk/src/org/zkoss/zk/Version.java"
}
}
]