CVE-2022-4886

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-4886
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4886.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4886
Aliases
Related
Published
2023-10-25T20:15:09.790Z
Modified
2026-03-15T22:46:19.208623Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Ingress-nginx path sanitization can be bypassed with log_format directive.

References

Affected packages

Git / github.com/kubernetes/ingress-nginx

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/ingress-nginx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3476232f5c38383dd157ddaff3b4c7cebd57284e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.0"
        }
    ]
}

Affected versions

controller-v0.*
controller-v0.34.0
controller-v0.34.1
controller-v0.35.0
controller-v0.40.0
controller-v0.40.1
controller-v0.40.2
controller-v0.41.0
controller-v0.41.1
controller-v0.41.2
controller-v0.42.0
controller-v0.43.0
controller-v0.44.0
controller-v0.45.0
controller-v0.46.0
controller-v0.47.0
controller-v0.48.1
controller-v0.49.0
controller-v1.*
controller-v1.0.0
controller-v1.0.1
controller-v1.0.2
controller-v1.0.3
controller-v1.0.4
controller-v1.0.5
controller-v1.1.0
controller-v1.1.1
controller-v1.1.2
controller-v1.1.3
controller-v1.2.0
controller-v1.2.0-beta.0
controller-v1.2.0-beta.1
controller-v1.2.1
controller-v1.3.0
controller-v1.3.1
controller-v1.4.0
controller-v1.5.1
controller-v1.6.4
controller-v1.7.0
controller-v1.7.1
helm-chart-3.*
helm-chart-3.16.0
helm-chart-3.16.1
helm-chart-3.17.0
helm-chart-3.18.0
helm-chart-3.19.0
helm-chart-3.20.0
helm-chart-3.20.1
helm-chart-3.21.0
helm-chart-3.22.0
helm-chart-3.23.0
helm-chart-3.24.0
helm-chart-3.25.0
helm-chart-3.26.0
helm-chart-3.27.0
helm-chart-3.28.0
helm-chart-3.29.0
helm-chart-3.30.0
helm-chart-3.31.0
helm-chart-3.32.0
helm-chart-3.33.0
helm-chart-3.34.0
helm-chart-3.35.0
helm-chart-3.36.0
helm-chart-4.*
helm-chart-4.0.1
helm-chart-4.0.10
helm-chart-4.0.11
helm-chart-4.0.12
helm-chart-4.0.13
helm-chart-4.0.15
helm-chart-4.0.16
helm-chart-4.0.17
helm-chart-4.0.18
helm-chart-4.0.19
helm-chart-4.0.2
helm-chart-4.0.3
helm-chart-4.0.4
helm-chart-4.0.5
helm-chart-4.0.6
helm-chart-4.0.7
helm-chart-4.0.8
helm-chart-4.0.9
helm-chart-4.1.0
helm-chart-4.1.0-beta.0
helm-chart-4.1.0-beta.1
helm-chart-4.1.1
helm-chart-4.1.2
helm-chart-4.1.3
helm-chart-4.1.4
helm-chart-4.2.0
helm-chart-4.2.1
helm-chart-4.2.2
helm-chart-4.2.3
helm-chart-4.2.4
helm-chart-4.2.5
helm-chart-4.3.0
helm-chart-4.4.0
helm-chart-4.4.2
helm-chart-4.5.0
helm-chart-4.5.2
helm-chart-4.6.0
helm-chart-4.6.1
ingress-nginx-2.*
ingress-nginx-2.0.0
ingress-nginx-2.0.1
ingress-nginx-2.0.2
ingress-nginx-2.0.3
ingress-nginx-2.1.0
ingress-nginx-2.10.0
ingress-nginx-2.11.0
ingress-nginx-2.11.1
ingress-nginx-2.11.2
ingress-nginx-2.11.3
ingress-nginx-2.12.0
ingress-nginx-2.12.1
ingress-nginx-2.13.0
ingress-nginx-2.14.0
ingress-nginx-2.15.0
ingress-nginx-2.16.0
ingress-nginx-2.2.0
ingress-nginx-2.3.0
ingress-nginx-2.4.0
ingress-nginx-2.5.0
ingress-nginx-2.6.0
ingress-nginx-2.7.0
ingress-nginx-2.7.1
ingress-nginx-2.8.0
ingress-nginx-2.9.0
ingress-nginx-2.9.1
ingress-nginx-3.*
ingress-nginx-3.0.0
ingress-nginx-3.1.0
ingress-nginx-3.10.0
ingress-nginx-3.10.1
ingress-nginx-3.11.0
ingress-nginx-3.11.1
ingress-nginx-3.12.0
ingress-nginx-3.13.0
ingress-nginx-3.15.0
ingress-nginx-3.15.1
ingress-nginx-3.15.2
ingress-nginx-3.2.0
ingress-nginx-3.3.0
ingress-nginx-3.3.1
ingress-nginx-3.4.0
ingress-nginx-3.4.1
ingress-nginx-3.5.0
ingress-nginx-3.5.1
ingress-nginx-3.6.0
ingress-nginx-3.7.0
ingress-nginx-3.7.1
ingress-nginx-3.8.0
ingress-nginx-3.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4886.json"