PT-2022-26183 · Unknown · Super-Xray

Published: 2022-11-25 · Updated: 2022-11-30 · CVE-2022-41958

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

super-xray versions prior to 0.7

Description

The issue concerns a web vulnerability scanning tool that treated the program config stored in a YAML file as trusted input. An attacker with local access to the file could exploit this and compromise the program. The problem has been addressed in a specific commit and will be included in future releases.

Recommendations

For versions prior to 0.7, users are advised to upgrade to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the YAML configuration file until the issue is resolved. There are no known workarounds for this issue.

Exploit

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2022-41958
GHSA-39PV-4VMJ-C4FR

Affected Products

Super-Xray