GHSA-4793-8wwh-jxxr

Source

https://github.com/advisories/GHSA-4793-8wwh-jxxr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4793-8wwh-jxxr/GHSA-4793-8wwh-jxxr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4793-8wwh-jxxr

Aliases

CVE-2022-1848

Published

2022-05-25T00:00:37Z

Modified

2024-12-02T05:29:58.583074Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Business Logic Errors in Para

Details

Paraara prior to version 1.46.0 is vulnerable to business logic errors. A user can create more than one app, even after they reach the app limit.

Database specific

{
    "nvd_published_at": "2022-05-24T13:15:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-06T21:19:22Z"
}

References

Affected packages

Maven / com.erudika:para-core

Package

Name: com.erudika:para-core; View open source insights on deps.dev
Purl: pkg:maven/com.erudika/para-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.46.0

Affected versions

1.*

1.13

1.14

1.14.1

1.15

1.16

1.16.1

1.16.2

1.17

1.17.1

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.18.6

1.18.7

1.18.8

1.18.9

1.19.0

1.20.0

1.21.0

1.21.1

1.22.0

1.23.0

1.23.1

1.24.0

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.25.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.26.0

1.26.1

1.26.2

1.27.0

1.28.0

1.28.1

1.28.2

1.28.3

1.28.4

1.28.5

1.29.0

1.29.1

1.29.2

1.30.0

1.30.1

1.30.2

1.31.0

1.31.1

1.31.2

1.31.3

1.32.0

1.33.0

1.33.1

1.34.0

1.34.1

1.34.2

1.34.3

1.35.0

1.36.0

1.36.1

1.37.0

1.37.1

1.38.0

1.38.1

1.38.2

1.38.3

1.38.4

1.39.0

1.39.1

1.40.0

1.41.0

1.41.1

1.41.2

1.41.3

1.42.0

1.42.1

1.42.2

1.43.0

1.43.1

1.43.2

1.43.3

1.43.4

1.44.0

1.45.0

1.45.1

1.45.2

1.45.3

1.45.4

1.45.5

1.45.6

1.45.7

1.45.8

1.45.9

1.45.10