Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-eg6c-bq3z-4qcn
Summary
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
### Impact
_What kind of vulnerability is it? Who is impacted?_

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by [encodeURI](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI). Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

Fixed in 19.0.3

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly.

### References
_Are there any links users can visit to find out more?_
* https://github.com/semantic-release/semantic-release/releases/tag/v19.0.3
* https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI

### For more information
If you have any questions or comments about this advisory:
* Open a discussion in [semantic-release discussions](https://github.com/semantic-release/semantic-release/discussions)
Aliases
0
alias CVE-2022-31051
1
alias GHSA-x2pg-mjhr-2m5x
Fixed_packages
0
url pkg:npm/semantic-release@19.0.3
purl pkg:npm/semantic-release@19.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.3
Affected_packages
0
url pkg:npm/semantic-release@17.0.4
purl pkg:npm/semantic-release@17.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.4
1
url pkg:npm/semantic-release@17.0.5
purl pkg:npm/semantic-release@17.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.5
2
url pkg:npm/semantic-release@17.0.6
purl pkg:npm/semantic-release@17.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.6
3
url pkg:npm/semantic-release@17.0.7
purl pkg:npm/semantic-release@17.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.7
4
url pkg:npm/semantic-release@17.0.8
purl pkg:npm/semantic-release@17.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.8
5
url pkg:npm/semantic-release@17.1.0
purl pkg:npm/semantic-release@17.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.0
6
url pkg:npm/semantic-release@17.1.1
purl pkg:npm/semantic-release@17.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.1
7
url pkg:npm/semantic-release@17.1.2
purl pkg:npm/semantic-release@17.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.2
8
url pkg:npm/semantic-release@17.2.0
purl pkg:npm/semantic-release@17.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.0
9
url pkg:npm/semantic-release@17.2.1
purl pkg:npm/semantic-release@17.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.1
10
url pkg:npm/semantic-release@17.2.2
purl pkg:npm/semantic-release@17.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
1
vulnerability VCID-mzqw-9gd4-6qf4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.2
11
url pkg:npm/semantic-release@17.2.3
purl pkg:npm/semantic-release@17.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.3
12
url pkg:npm/semantic-release@17.2.4
purl pkg:npm/semantic-release@17.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.4
13
url pkg:npm/semantic-release@17.3.0
purl pkg:npm/semantic-release@17.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.0
14
url pkg:npm/semantic-release@17.3.1
purl pkg:npm/semantic-release@17.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.1
15
url pkg:npm/semantic-release@17.3.2
purl pkg:npm/semantic-release@17.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.2
16
url pkg:npm/semantic-release@17.3.3
purl pkg:npm/semantic-release@17.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.3
17
url pkg:npm/semantic-release@17.3.4
purl pkg:npm/semantic-release@17.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.4
18
url pkg:npm/semantic-release@17.3.5
purl pkg:npm/semantic-release@17.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.5
19
url pkg:npm/semantic-release@17.3.6
purl pkg:npm/semantic-release@17.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.6
20
url pkg:npm/semantic-release@17.3.7
purl pkg:npm/semantic-release@17.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.7
21
url pkg:npm/semantic-release@17.3.8
purl pkg:npm/semantic-release@17.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.8
22
url pkg:npm/semantic-release@17.3.9
purl pkg:npm/semantic-release@17.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.9
23
url pkg:npm/semantic-release@17.4.0
purl pkg:npm/semantic-release@17.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.0
24
url pkg:npm/semantic-release@17.4.1
purl pkg:npm/semantic-release@17.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.1
25
url pkg:npm/semantic-release@17.4.2
purl pkg:npm/semantic-release@17.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.2
26
url pkg:npm/semantic-release@17.4.3
purl pkg:npm/semantic-release@17.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.3
27
url pkg:npm/semantic-release@17.4.4
purl pkg:npm/semantic-release@17.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.4
28
url pkg:npm/semantic-release@17.4.5
purl pkg:npm/semantic-release@17.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.5
29
url pkg:npm/semantic-release@17.4.6
purl pkg:npm/semantic-release@17.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.6
30
url pkg:npm/semantic-release@17.4.7
purl pkg:npm/semantic-release@17.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.7
31
url pkg:npm/semantic-release@18.0.0-beta.1
purl pkg:npm/semantic-release@18.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.1
32
url pkg:npm/semantic-release@18.0.0-beta.2
purl pkg:npm/semantic-release@18.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.2
33
url pkg:npm/semantic-release@18.0.0-beta.3
purl pkg:npm/semantic-release@18.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.3
34
url pkg:npm/semantic-release@18.0.0-beta.4
purl pkg:npm/semantic-release@18.0.0-beta.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.4
35
url pkg:npm/semantic-release@18.0.0-beta.5
purl pkg:npm/semantic-release@18.0.0-beta.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.5
36
url pkg:npm/semantic-release@18.0.0-beta.6
purl pkg:npm/semantic-release@18.0.0-beta.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.6
37
url pkg:npm/semantic-release@18.0.0-beta.7
purl pkg:npm/semantic-release@18.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.7
38
url pkg:npm/semantic-release@18.0.0-beta.8
purl pkg:npm/semantic-release@18.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.8
39
url pkg:npm/semantic-release@18.0.0
purl pkg:npm/semantic-release@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0
40
url pkg:npm/semantic-release@18.0.1
purl pkg:npm/semantic-release@18.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.1
41
url pkg:npm/semantic-release@19.0.0-beta.1
purl pkg:npm/semantic-release@19.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0-beta.1
42
url pkg:npm/semantic-release@19.0.0-beta.2
purl pkg:npm/semantic-release@19.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0-beta.2
43
url pkg:npm/semantic-release@19.0.0
purl pkg:npm/semantic-release@19.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0
44
url pkg:npm/semantic-release@19.0.1
purl pkg:npm/semantic-release@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.1
45
url pkg:npm/semantic-release@19.0.2
purl pkg:npm/semantic-release@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eg6c-bq3z-4qcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.2
46
url pkg:rpm/redhat/ovirt-web-ui@1.9.0-1?arch=el8ev
purl pkg:rpm/redhat/ovirt-web-ui@1.9.0-1?arch=el8ev
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c86y-234c-s3hu
1
vulnerability VCID-eg6c-bq3z-4qcn
2
vulnerability VCID-q2nz-yft3-bqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-web-ui@1.9.0-1%3Farch=el8ev
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31051.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31051.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31051
reference_id
reference_type
scores
0
value 0.00756
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-29T12:55:00Z
1
value 0.00756
scoring_system epss
scoring_elements 0.73353
published_at 2026-04-26T12:55:00Z
2
value 0.00756
scoring_system epss
scoring_elements 0.73341
published_at 2026-04-24T12:55:00Z
3
value 0.00756
scoring_system epss
scoring_elements 0.73313
published_at 2026-04-18T12:55:00Z
4
value 0.00756
scoring_system epss
scoring_elements 0.73305
published_at 2026-04-21T12:55:00Z
5
value 0.00756
scoring_system epss
scoring_elements 0.73262
published_at 2026-04-13T12:55:00Z
6
value 0.00756
scoring_system epss
scoring_elements 0.73269
published_at 2026-04-12T12:55:00Z
7
value 0.00756
scoring_system epss
scoring_elements 0.7322
published_at 2026-04-02T12:55:00Z
8
value 0.00756
scoring_system epss
scoring_elements 0.73264
published_at 2026-04-09T12:55:00Z
9
value 0.00756
scoring_system epss
scoring_elements 0.73289
published_at 2026-04-11T12:55:00Z
10
value 0.00756
scoring_system epss
scoring_elements 0.73251
published_at 2026-04-08T12:55:00Z
11
value 0.00756
scoring_system epss
scoring_elements 0.73214
published_at 2026-04-07T12:55:00Z
12
value 0.00756
scoring_system epss
scoring_elements 0.73241
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31051
2
reference_url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
3
reference_url https://github.com/semantic-release/semantic-release
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release
4
reference_url https://github.com/semantic-release/semantic-release/commit/58a226f29c04ee56bbb02cc661f020d568849cad
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/commit/58a226f29c04ee56bbb02cc661f020d568849cad
5
reference_url https://github.com/semantic-release/semantic-release/pull/2449
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release/pull/2449
6
reference_url https://github.com/semantic-release/semantic-release/pull/2459
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release/pull/2459
7
reference_url https://github.com/semantic-release/semantic-release/releases/tag/v19.0.3
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/releases/tag/v19.0.3
8
reference_url https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31051
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31051
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2097414
reference_id 2097414
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2097414
11
reference_url https://github.com/advisories/GHSA-x2pg-mjhr-2m5x
reference_id GHSA-x2pg-mjhr-2m5x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2pg-mjhr-2m5x
12
reference_url https://access.redhat.com/errata/RHSA-2022:5555
reference_id RHSA-2022:5555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5555
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 212
name Improper Removal of Sensitive Information Before Storage or Transfer
description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 7.5
Exploitability0.5
Weighted_severity6.8
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-eg6c-bq3z-4qcn