GHSA-65hj-9ppw-77xc

Source

https://github.com/advisories/GHSA-65hj-9ppw-77xc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-65hj-9ppw-77xc/GHSA-65hj-9ppw-77xc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-65hj-9ppw-77xc

Aliases

CVE-2022-44262

Published

2022-12-01T06:30:26Z

Modified

2024-02-16T08:19:18.829937Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

ff4j is vulnerable to Remote Code Execution (RCE)

Details

ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). This issue has been patched in version 1.9.

Database specific

{
    "nvd_published_at": "2022-12-01T05:15:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-05T22:13:55Z"
}

References

Affected packages

Maven / org.ff4j:ff4j-core

Package

Name: org.ff4j:ff4j-core; View open source insights on deps.dev
Purl: pkg:maven/org.ff4j/ff4j-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.8.1

Fixed

1.9

Affected versions

1.*

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.8.10

1.8.11

1.8.12

1.8.13