Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5nsr-6ftz-ukg9
Vulnerability ID VCID-5nsr-6ftz-ukg9
Aliases CVE-2022-27177
GHSA-74w3-2r77-fw5h
PYSEC-2022-189
Summary Use of Externally-Controlled Format String in consoleme
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-134 Use of Externally-Controlled Format String
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.02136 https://api.first.org/data/v1/epss?cve=CVE-2022-27177
epss 0.02136 https://api.first.org/data/v1/epss?cve=CVE-2022-27177
epss 0.02136 https://api.first.org/data/v1/epss?cve=CVE-2022-27177
epss 0.02136 https://api.first.org/data/v1/epss?cve=CVE-2022-27177
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-74w3-2r77-fw5h
cvssv3.1 9.8 https://github.com/Netflix/ConsoleMe
generic_textual CRITICAL https://github.com/Netflix/ConsoleMe
cvssv3.1 9.8 https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
generic_textual CRITICAL https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
cvssv3.1 9.8 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
generic_textual CRITICAL https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27177
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-27177
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-27177
https://github.com/Netflix/ConsoleMe
https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
CVE-2022-27177 https://nvd.nist.gov/vuln/detail/CVE-2022-27177
GHSA-74w3-2r77-fw5h https://github.com/advisories/GHSA-74w3-2r77-fw5h
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Netflix/ConsoleMe
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-27177
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.84569
EPSS Score 0.02136
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:28:40.149966+00:00 GHSA Importer Import https://github.com/advisories/GHSA-74w3-2r77-fw5h 38.6.0