VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ujpu-b99m-ffc4

Essentials
Severities (18)
References (7)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ujpu-b99m-ffc4
Aliases	CVE-2022-3439 GHSA-x8x2-wc2h-wc48 PYSEC-2022-43159
Summary	Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-770	Allocation of Resources Without Limits or Throttling
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00509	https://api.first.org/data/v1/epss?cve=CVE-2022-3439
epss	0.00509	https://api.first.org/data/v1/epss?cve=CVE-2022-3439
cvssv3.1	9.8	https://github.com/advisories/GHSA-x8x2-wc2h-wc48
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-x8x2-wc2h-wc48
cvssv3.1	9.8	https://github.com/ikus060/rdiffweb
generic_textual	CRITICAL	https://github.com/ikus060/rdiffweb
cvssv3	4.5	https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
cvssv3.1	9.8	https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
generic_textual	CRITICAL	https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
ssvc	Track*	https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
cvssv3.1	9.8	https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43159.yaml
generic_textual	CRITICAL	https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43159.yaml
cvssv3	4.5	https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7
cvssv3.1	9.8	https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7
generic_textual	CRITICAL	https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7
ssvc	Track*	https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-3439
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2022-3439

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-3439
		https://github.com/ikus060/rdiffweb
		https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43159.yaml
37b86c45-b240-4626-bd53-b6f02d10e0d7		https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7
b78ec09f4582e363f6f449df6f987127e126c311		https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
CVE-2022-3439		https://nvd.nist.gov/vuln/detail/CVE-2022-3439
GHSA-x8x2-wc2h-wc48		https://github.com/advisories/GHSA-x8x2-wc2h-wc48

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-x8x2-wc2h-wc48

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ikus060/rdiffweb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T15:36:25Z/ Found at https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43159.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T15:36:25Z/ Found at https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3439

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.66787
EPSS Score	0.00509
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:41:53.816151+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2022/3xxx/CVE-2022-3439.json	38.6.0