Vulnerability details: VCID-1chy-7bvj-hqb4
Vulnerability ID VCID-1chy-7bvj-hqb4
Aliases CVE-2011-4107
GHSA-q4mm-89q2-xffg
Summary phpMyAdmin vulnerable to XML external entity (XXE) injection attack. The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3.1 6.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
cvssv3.1 6.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
cvssv3.1 6.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
cvssv3.1 6.5 http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
generic_textual MODERATE http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
epss 0.12181 https://api.first.org/data/v1/epss?cve=CVE-2011-4107
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=751112
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=751112
cvssv3.1 6.5 http://seclists.org/fulldisclosure/2011/Nov/21
generic_textual MODERATE http://seclists.org/fulldisclosure/2011/Nov/21
cvssv3.1 6.5 http://securityreason.com/securityalert/8533
generic_textual MODERATE http://securityreason.com/securityalert/8533
cvssv3.1 6.5 https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-q4mm-89q2-xffg
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2011-4107
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-4107
cvssv3.1 6.5 http://www.debian.org/security/2012/dsa-2391
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2391
cvssv3.1 6.5 http://www.openwall.com/lists/oss-security/2011/11/03/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/11/03/3
cvssv3.1 6.5 http://www.openwall.com/lists/oss-security/2011/11/03/5
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/11/03/5
cvssv3.1 6.5 http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
generic_textual MODERATE http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
https://api.first.org/data/v1/epss?cve=CVE-2011-4107
https://bugzilla.redhat.com/show_bug.cgi?id=751112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
http://seclists.org/fulldisclosure/2011/Nov/21
http://securityreason.com/securityalert/8533
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
https://nvd.nist.gov/vuln/detail/CVE-2011-4107
http://www.debian.org/security/2012/dsa-2391
http://www.openwall.com/lists/oss-security/2011/11/03/3
http://www.openwall.com/lists/oss-security/2011/11/03/5
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
656247 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247
CVE-2011-4107;OSVDB-76798 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb
GHSA-q4mm-89q2-xffg https://github.com/advisories/GHSA-q4mm-89q2-xffg
Data source Exploit-DB
Date added Jan. 14, 2012
Description phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
Ransomware campaign use Unknown
Source publication date Jan. 14, 2012
Exploit type webapps
Platform php
Source update date Nov. 2, 2017
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=751112
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2011/Nov/21
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://securityreason.com/securityalert/8533
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4107
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.debian.org/security/2012/dsa-2391
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2011/11/03/3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2011/11/03/5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Exploit Prediction Scoring System (EPSS)
Percentile 0.93551
EPSS Score 0.12181
Published At Aug. 7, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:10:19.586570+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q4mm-89q2-xffg/GHSA-q4mm-89q2-xffg.json 37.0.0