Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization Bypass in parse-path #109

Open
1 of 4 tasks
TheKingTermux opened this issue Aug 15, 2022 · 6 comments
Open
1 of 4 tasks

Authorization Bypass in parse-path #109

TheKingTermux opened this issue Aug 15, 2022 · 6 comments
Labels
Auto Create Issues Label for Auto Created Issues do-not-autoclose Make bot can't close an Issues or PRs High This label for Security Severity only Security Label for Security Issues
Milestone
Alice 1.0.6

Comments

@TheKingTermux
Copy link
Owner

Description

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.

Severity Check

  • Low
  • Moderate
  • High
  • Critical

Severity Number

7.3

CVSS base metrics

  • Attack vector
    Network

  • Attack complexity
    Low

  • Privileges required
    None

  • User interaction
    None

  • Scope
    Unchanged

  • Confidentiality
    Low

  • Integrity
    Low

  • Availability
    Low

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

  • Weaknesses
    CWE-639

  • CVE ID
    CVE-2022-0624

  • GHSA ID
    GHSA-3j8f-xvm3-ffx4

Information

  • Package
    parse-path (npm)

  • Affected versions
    < 5.0.0

  • Patched versions
    5.0.0

References
@TheKingTermux TheKingTermux added Security Label for Security Issues Auto Create Issues Label for Auto Created Issues labels Aug 15, 2022
@TheKingTermux TheKingTermux added this to the Alice 1.0.6 milestone Sep 21, 2022
@github-actions
Copy link

Stale issue message

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 21, 2022
@TheKingTermux
Copy link
Owner Author

P

@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 23, 2022
@TheKingTermux TheKingTermux added the do-not-autoclose Make bot can't close an Issues or PRs label Jan 5, 2023
@github-actions
Copy link

github-actions bot commented Mar 6, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 6, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 14, 2023
@TheKingTermux TheKingTermux reopened this Mar 14, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 14, 2023
@TheKingTermux TheKingTermux added the High This label for Security Severity only label May 9, 2023
@github-actions
Copy link

github-actions bot commented Jul 9, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 9, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 17, 2023
@TheKingTermux TheKingTermux reopened this Jul 17, 2023
@github-actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 16, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 23, 2023
@TheKingTermux TheKingTermux reopened this Sep 25, 2023
@github-actions github-actions bot removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 25, 2023
@github-actions GitHub Actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 25, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Auto Create Issues Label for Auto Created Issues do-not-autoclose Make bot can't close an Issues or PRs High This label for Security Severity only Security Label for Security Issues
Projects
None yet
Milestone
Alice 1.0.6
Development

No branches or pull requests
1 participant
@TheKingTermux