PT-2023-15902 · Sisimai · Sisimai

Gmcabrita · Published 2023-01-17 · Updated 2024-05-17 · CVE-2022-4891

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Sisimai versions up to 4.25.14p11

Description

A vulnerability has been found in the function to_plain of the file lib/sisimai/string.rb, leading to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used.

Recommendations

For Sisimai versions up to 4.25.14p11, upgrade to version 4.25.14p12 to address this issue. As a temporary workaround, consider restricting the use of the to_plain function in the lib/sisimai/string.rb file until the patch is applied.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2022-4891
GHSA-VM74-J4WQ-82XJ

Affected Products

Sisimai