CVE-2022-39390

CVSS V2 None CVSS V3 Medium 6.1
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Overview
  • CVE ID
  • CVE-2022-39390
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2022-11-09T01:15:09
  • Last Modified Date
  • 2022-11-09T21:15:17
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
History
Created Old Value New Value Data Type Notes
2022-11-09 02:00:15 Added to TrackCVE
2022-12-07 17:30:20 2022-11-09T01:15Z 2022-11-09T01:15:09 CVE Published Date updated
2022-12-07 17:30:20 2022-11-09T21:15:17 CVE Modified Date updated
2022-12-07 17:30:20 Rejected Vulnerability Status updated
2022-12-07 17:30:21 Octocat.js is a library used to render a set of options into an SVG. Versions prior to 1.2 are subject to JavaScript injection via user provided URLs. Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. This vulnerability was fixed in version 1.2 of octocat.js. As a workaround, writing an image to disk then using that image in an image element in HTML mitigates the risk. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Description updated