CVE-2022-40313 (High) detected in mustache/mustache-v2.14.2 #31
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2022-40313 - High Severity Vulnerability
A Mustache implementation in PHP.
Library home page: https://api.github.com/repos/bobthecow/mustache.php/zipball/e62b7c3849d22ec55f3ec425507bf7968193a6cb
Dependency Hierarchy:
Found in HEAD commit: b93c032745146ac3a2f902f2dab07a4e58d519a5
Found in base branch: master
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
Publish Date: 2022-09-30
URL: CVE-2022-40313
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://moodle.org/mod/forum/discuss.php?d=438392
Release Date: 2022-09-30
Fix Resolution: v3.9.17,v3.11.10,v4.0.4
The text was updated successfully, but these errors were encountered: