CVE-2022-32265

EUVD-2022-53462
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
qdecoder_projectqdecoder
𝑥
< 12.1.0
𝑥
= Vulnerable software versions
References
https://github.com/wolkykim/qdecoder/pull/29
https://github.com/wolkykim/qdecoder/pull/29/commits/ce7c8a7ac450a823a11b06508ef1eb7441241f81#diff-1c4e2f5adfa1ad30618e78ff459b2c0758ecf34278459ad0a8d58db4fec622ea
https://github.com/wolkykim/qdecoder/releases/tag/v12.1.0
https://github.com/wolkykim/qdecoder/pull/29
https://github.com/wolkykim/qdecoder/pull/29/commits/ce7c8a7ac450a823a11b06508ef1eb7441241f81#diff-1c4e2f5adfa1ad30618e78ff459b2c0758ecf34278459ad0a8d58db4fec622ea
https://github.com/wolkykim/qdecoder/releases/tag/v12.1.0