GHSA-7fqm-jm52-f9vc

Suggest an improvement
Source
https://github.com/advisories/GHSA-7fqm-jm52-f9vc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7fqm-jm52-f9vc/GHSA-7fqm-jm52-f9vc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7fqm-jm52-f9vc
Aliases
Published
2022-09-29T00:00:19Z
Modified
2024-10-16T21:46:09.843241Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Details

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.

Database specific 
{
    "nvd_published_at": "2022-09-28T21:15:00Z",
    "cwe_ids": [
        "CWE-524"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T05:37:28Z"
}
References

Affected packages

PyPI / rdiffweb

Package

Name
rdiffweb
View open source insights on deps.dev
Purl
pkg:pypi/rdiffweb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.9

Affected versions

0.*

0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9

1.*

1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1

2.*

2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8