CVE-2022-38545

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38545

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38545.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-38545

Aliases

GHSA-mcvg-g9wx-v5vx

Published

2022-09-19T23:15:09.203Z

Modified

2025-11-20T12:09:18.166571Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

References

https://github.com/xCss/Valine/issues/400

Affected packages

Git / github.com/xcss/valine

Affected ranges

Type: GIT
Repo: https://github.com/xcss/valine
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a670b1ebe60eb991e824485d04fb671c9f46b9b3

Affected versions

v1.*

v1.0.2

v1.0.7

v1.0.8

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.4-rc

v1.1.4-rc1

v1.1.4-rc2

v1.1.5

v1.1.6

v1.1.7

v1.1.7-beta

v1.1.7-beta1

v1.1.7-rc1

v1.1.7-rc2

v1.1.7-rc3

v1.1.8

v1.1.8-beta

v1.1.8-beta1

v1.1.8-beta2

v1.1.8-beta3

v1.1.8-beta4

v1.1.8-beta5

v1.1.8-beta6

v1.1.8-beta7

v1.1.8-beta8

v1.1.8-beta9

v1.1.8-rc1

v1.1.8-rc2

v1.1.8-rc3

v1.1.8-rc4

v1.1.8-rc5

v1.1.9

v1.1.9-beta

v1.1.9-beta1

v1.1.9-beta2

v1.1.9-beta3

v1.1.9-beta4

v1.1.9-beta5

v1.1.9-beta6

v1.1.9-beta7

v1.1.9-beta8

v1.1.9-beta9

v1.1.9-rc1

v1.1.9-rc2

v1.1.9-rc3

v1.2.0

v1.2.0-beta

v1.2.0-beta1

v1.2.0-beta2

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.18

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38545.json"