GHSA-rj5f-vm79-5j84
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rj5f-vm79-5j84
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-rj5f-vm79-5j84/GHSA-rj5f-vm79-5j84.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rj5f-vm79-5j84
- Aliases
- Published
- 2022-10-19T19:00:24Z
- Modified
- 2024-10-08T13:27:50.057345Z
- Severity
-
- 6.0 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator
- Summary
- OctoPrint vulnerable to Special Element Injection
- Details
-
OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
- Database specific
{ "nvd_published_at": "2022-10-19T13:15:00Z", "cwe_ids": [ "CWE-74", "CWE-75" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-10-19T22:21:33Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-3607
- https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
- https://github.com/octoprint/octoprint
- https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
- https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
Affected packages
PyPI / octoprint
Package
- Name
- octoprint
- View open source insights on deps.dev
- Purl
- pkg:pypi/octoprint
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3
Affected versions
1.*
1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.0
1.6.1
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.0
1.8.1
1.8.2