CVE-2022-41777

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Nako3edit versions 3.3.74 and earlier

Description The issue is related to an improper check or handling of exceptional conditions in the Nako3edit component, which is part of the Nadeshiko 3 programming language. This allows a remote attacker to inject an invalid value into the decodeURIComponent function of Nako3edit. As a result, the server may crash.

Recommendations For versions 3.3.74 and earlier, consider disabling the decodeURIComponent function in Nako3edit as a temporary workaround until a patch is available. Restrict access to the Nako3edit component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-703

Related Identifiers

CVE-2022-41777

GHSA-X2JX-W3WM-9P3P

Affected Products

Nako3Edit

CVE-2022-41777

Weakness Enumeration

Related Identifiers

Affected Products

References · 9