CVE-2022-0355 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
@huntrdev	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Affected Products (NVD)

Vendor	Product	Version
simple-get_project	simple-get	𝑥 < 2.8.2
simple-get_project	simple-get	3.0.0 ≤ 𝑥 < 3.1.1
simple-get_project	simple-get	4.0.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References

https://github.com/advisories/GHSA-wpg7-2c88-r8xv

https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f

https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31

https://github.com/advisories/GHSA-wpg7-2c88-r8xv

https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f

https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31