Vulnerability details: VCID-bbq3-tx7c-yucn
Vulnerability ID VCID-bbq3-tx7c-yucn
Aliases CVE-2022-23307
GHSA-f7vh-qwp3-x37m
Summary This advisory has been marked as False Positive and removed.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json
epss 0.02155 https://api.first.org/data/v1/epss?cve=CVE-2022-23307
epss 0.02603 https://api.first.org/data/v1/epss?cve=CVE-2022-23307
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-f7vh-qwp3-x37m
cvssv3.1 9.8 https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
generic_textual CRITICAL https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
cvssv3.1 9.8 https://logging.apache.org/log4j/1.2/index.html
generic_textual CRITICAL https://logging.apache.org/log4j/1.2/index.html
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23307
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-23307
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json
https://api.first.org/data/v1/epss?cve=CVE-2022-23307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
https://logging.apache.org/log4j/1.2/index.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
1004482 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
2041967 https://bugzilla.redhat.com/show_bug.cgi?id=2041967
CVE-2022-23307 https://nvd.nist.gov/vuln/detail/CVE-2022-23307
GHSA-f7vh-qwp3-x37m https://github.com/advisories/GHSA-f7vh-qwp3-x37m
RHSA-2022:0289 https://access.redhat.com/errata/RHSA-2022:0289
RHSA-2022:0290 https://access.redhat.com/errata/RHSA-2022:0290
RHSA-2022:0291 https://access.redhat.com/errata/RHSA-2022:0291
RHSA-2022:0294 https://access.redhat.com/errata/RHSA-2022:0294
RHSA-2022:0430 https://access.redhat.com/errata/RHSA-2022:0430
RHSA-2022:0435 https://access.redhat.com/errata/RHSA-2022:0435
RHSA-2022:0436 https://access.redhat.com/errata/RHSA-2022:0436
RHSA-2022:0437 https://access.redhat.com/errata/RHSA-2022:0437
RHSA-2022:0438 https://access.redhat.com/errata/RHSA-2022:0438
RHSA-2022:0439 https://access.redhat.com/errata/RHSA-2022:0439
RHSA-2022:0442 https://access.redhat.com/errata/RHSA-2022:0442
RHSA-2022:0444 https://access.redhat.com/errata/RHSA-2022:0444
RHSA-2022:0445 https://access.redhat.com/errata/RHSA-2022:0445
RHSA-2022:0446 https://access.redhat.com/errata/RHSA-2022:0446
RHSA-2022:0447 https://access.redhat.com/errata/RHSA-2022:0447
RHSA-2022:0448 https://access.redhat.com/errata/RHSA-2022:0448
RHSA-2022:0449 https://access.redhat.com/errata/RHSA-2022:0449
RHSA-2022:0450 https://access.redhat.com/errata/RHSA-2022:0450
RHSA-2022:0467 https://access.redhat.com/errata/RHSA-2022:0467
RHSA-2022:0469 https://access.redhat.com/errata/RHSA-2022:0469
RHSA-2022:0475 https://access.redhat.com/errata/RHSA-2022:0475
RHSA-2022:0497 https://access.redhat.com/errata/RHSA-2022:0497
RHSA-2022:0507 https://access.redhat.com/errata/RHSA-2022:0507
RHSA-2022:0524 https://access.redhat.com/errata/RHSA-2022:0524
RHSA-2022:0527 https://access.redhat.com/errata/RHSA-2022:0527
RHSA-2022:0553 https://access.redhat.com/errata/RHSA-2022:0553
RHSA-2022:0661 https://access.redhat.com/errata/RHSA-2022:0661
RHSA-2022:1296 https://access.redhat.com/errata/RHSA-2022:1296
RHSA-2022:1297 https://access.redhat.com/errata/RHSA-2022:1297
RHSA-2022:1299 https://access.redhat.com/errata/RHSA-2022:1299
RHSA-2022:5458 https://access.redhat.com/errata/RHSA-2022:5458
RHSA-2022:5459 https://access.redhat.com/errata/RHSA-2022:5459
RHSA-2022:5460 https://access.redhat.com/errata/RHSA-2022:5460
RHSA-2024:5856 https://access.redhat.com/errata/RHSA-2024:5856
USN-5998-1 https://usn.ubuntu.com/5998-1/
USN-7590-1 https://usn.ubuntu.com/7590-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://logging.apache.org/log4j/1.2/index.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23307
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2022.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.84208
EPSS Score 0.02155
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:18.131380+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/chainsaw/CVE-2022-23307.yml 38.0.0