CVE-2022-39390
CVSS V2 None
CVSS V3 Medium 6.1
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Overview
- CVE ID
- CVE-2022-39390
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Rejected
- Published Version
- 2022-11-09T01:15:09
- Last Modified Date
- 2022-11-09T21:15:17
Weakness Enumerations
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 6.1
- Base Severity
- MEDIUM
- Exploitability Score
- 2.8
- Impact Score
- 2.7
References
Reference URL | Reference Tags |
---|---|
https://github.com/octocademy/octocat.js/security/advisories/GHSA-r4jg-5v89-9v62 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-39390 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39390 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-11-09 02:00:15 | Added to TrackCVE | |||
2022-12-07 17:30:20 | 2022-11-09T01:15Z | 2022-11-09T01:15:09 | CVE Published Date | updated |
2022-12-07 17:30:20 | 2022-11-09T21:15:17 | CVE Modified Date | updated | |
2022-12-07 17:30:20 | Rejected | Vulnerability Status | updated | |
2022-12-07 17:30:21 | Octocat.js is a library used to render a set of options into an SVG. Versions prior to 1.2 are subject to JavaScript injection via user provided URLs. Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. This vulnerability was fixed in version 1.2 of octocat.js. As a workaround, writing an image to disk then using that image in an image element in HTML mitigates the risk. | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | Description | updated |