GHSA-rj5f-vm79-5j84
Source
https://github.com/advisories/GHSA-rj5f-vm79-5j84
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-rj5f-vm79-5j84/GHSA-rj5f-vm79-5j84.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rj5f-vm79-5j84
Aliases
CVE-2022-3607
PYSEC-2022-42975
Published
2022-10-19T19:00:24Z
Modified
2024-10-08T13:27:50.057345Z
Severity
6.0 (Medium)
CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.1 (Medium)
CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Summary
OctoPrint vulnerable to Special Element Injection
Details
OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3607
https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
https://github.com/octoprint/octoprint
https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
Affected packages
PyPI / octoprint
Package
Name
octoprint
Purl
pkg:pypi/octoprint
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.8.3
Affected versions
1.*
1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3
1.6.0
1.6.1
1.7.0rc1
1.7.0rc2
1.7.0rc3
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4
1.8.0rc5
1.8.0
1.8.1
1.8.2