PT-2022-13117 · Softwarex · Softwarex

Published

2022-03-29

Updated

2022-04-07

CVE-2022-0343

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoftwareX versions prior to 24.2

Description A local attacker, as a different local user, may be able to send a HTTP request to "127.0.0.1:10000" after the user, typically a developer, manually invoked the ./tools/run-dev-server script.

Recommendations For versions prior to 24.2, it is recommended to upgrade to any version beyond 24.2. As a temporary workaround, consider restricting access to the development server to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-275

Related Identifiers

CVE-2022-0343

Affected Products

Softwarex

PT-2022-13117 · Softwarex · Softwarex

CVE-2022-0343

Weakness Enumeration

Related Identifiers

Affected Products

References · 5