CVE Vulnerability

CVE-2022-0654

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/fgribreau/node-request-retry/commit/0979c6001d9d57c2aac3157c11b007397158922a Patch Third Party Advisory
https://huntr.dev/bounties/a779faf5-c2cc-48be-a31d-4ddfac357afc Exploit Patch
Configurations

Configuration 1

cpe:2.3:a:node-request-retry_project:node-request-retry:*:*:*:*:*:node.js:*:*
Information

Published : 2022-02-23 12:15

Updated : 2022-03-02 03:16

NVD link : CVE-2022-0654

Mitre link : CVE-2022-0654

Products Affected
No products.
CWE
NVD-CWE-noinfo