CVE Vulnerability

CVE-2022-41958

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/4ra1n/super-xray/commit/4d0d59663596db03f39d7edd2be251d48b52dcfc Patch Third Party Advisory
https://github.com/4ra1n/super-xray/security/advisories/GHSA-39pv-4vmj-c4fr Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:super_xray_project:super_xray:*:*:*:*:*:*:*:*
Information

Published : 2022-11-25 06:15

Updated : 2022-11-30 08:16

NVD link : CVE-2022-41958

Mitre link : CVE-2022-41958

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data