CVE-2022-4860 – KBase Metrics methods_upload_user_stats.py upload_user_data SQL injection
https://notcve.org/view.php?id=CVE-2022-4860
A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to SQL injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d.
• https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d
• https://github.com/kbase/metrics/pull/77
• https://vuldb.com/?ctiid.217059
• https://vuldb.com/?id.217059
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-45290
https://notcve.org/view.php?id=CVE-2022-45290
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.
• https://github.com/HH1F/KbaseDoc-v1.0-Arbitrary-file-deletion-vulnerability/blob/main/README.md
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')