CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-24729 – Regular expression Denial of Service in dialog plugin
https://notcve.org/view.php?id=CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. • https://ckeditor.com/cke4/release/CKEditor-4.18.0 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP https://www.drupal.org/sa-core-2022-005 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2022-24728 – Cross-site Scripting in CKEditor4
https://notcve.org/view.php?id=CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. • https://ckeditor.com/cke4/release/CKEditor-4.18.0 https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP https://www.drupal.org/sa-core-2022-005 https://www.oracle.com/security& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 1CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. • https://github.com/FasterXML/jackson-databind/issues/2816 https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html https://security.netapp.com/advisory/ntap-20220506-0004 https://www.debian.org/security/2022/dsa-5283 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-36518 https://bugzilla.redhat.com/ • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22946
https://notcve.org/view.php?id=CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. En spring cloud gateway versiones anteriores a 3.1.1+ , las aplicaciones que son configuradas para habilitar HTTP2 y no es establecido un almacén de claves o certificados confiables son configurados para usar un TrustManager no seguro. Esto hace que la pasarela pueda conectarse a servicios remotos con certificados no válidos o personalizados • https://tanzu.vmware.com/security/cve-2022-22946 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 97%CPEs: 16EXPL: 28CVE-2022-22947 – VMware Spring Cloud Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. En spring cloud gateway versiones anteriores a 3.1.1+ y a 3.0.7+ , las aplicaciones son vulnerables a un ataque de inyección de código cuando el endpoint del Actuador de la Puerta de Enlace está habilitado, expuesto y sin seguridad. Un atacante remoto podría realizar una petición maliciosamente diseñada que podría permitir una ejecución remota arbitraria en el host remoto Spring Cloud Gateway version 3.1.0 suffers from a remote code execution vulnerability. Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. • https://www.exploit-db.com/exploits/50799 https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947 https://github.com/0x7eTeam/CVE-2022-22947 https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway https://github.com/crowsec-edtech/CVE-2022-22947 https://github.com/0730Nophone/CVE-2022-22947- https://github.com/Wrin9/CVE-2022-22947 https://github.com/M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE https://github.com/nanaao/CVE-2022-22947-POC https:// • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •