PT-2022-25436 · Dalli · Dalli
Xhzeem
·
Published
2022-11-19
·
Updated
2025-03-28
·
CVE-2022-4064
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Dalli (affected versions not specified)
Description
A vulnerability was found in the function
self.meta set of the file lib/dalli/protocol/meta/request formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used.Recommendations
To fix this issue, it is recommended to apply a patch. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. As a temporary workaround, consider disabling the
self.meta set function until a patch is available.Exploit
Fix
Improper Neutralization
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dalli