PT-2022-22596 · Renato
Author: J-Gainsec
Published 2022-08-04 · Updated 2022-08-10
CVE-2022-35142
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Renato version 0.17.0
Description
The issue allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. Additionally, Renato employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. There is also a cross-site scripting (XSS) vulnerability present in version 0.17.0.
Recommendations
For version 0.17.0, update to version 0.17.1 to resolve the security issues, including the Denial of Service, weak password complexity, and cross-site scripting vulnerabilities. As a temporary workaround, consider restricting access to the Search parameter to minimize the risk of exploitation.
Improper Authentication
XSS
Related Identifiers
CVE-2022-35142
Affected Products
Renato