{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39303", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:00:44.000Z", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-10-13T00:00:00"}, "containers": {"cna": {"title": "Ree6 vulnerable to SQL Injection", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-10-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds."}], "affected": [{"vendor": "Ree6-Applications", "product": "Ree6", "versions": [{"version": "<= 1.6.4", "status": "affected"}]}], "references": [{"url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8"}, {"url": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89"}]}], "source": {"advisory": "GHSA-69xv-xjfw-4pv8", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.000Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8", "tags": ["x_transferred"]}, {"url": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7.", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ree6:ree6:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFB9CB3-8CD8-4405-8C13-9227CC3B96DD", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds."}, {"lang": "es", "value": "Ree6 es un bot de moderaci\u00f3n. Esta vulnerabilidad permite manipular las consultas SQL. Este problema ha sido parcheado en versi\u00f3n 1.7.0 mediante el uso de Javas PreparedStatements, que permiten una fijaci\u00f3n de objetos sin el riesgo de inyecci\u00f3n SQL. Actualmente no se presentan mitigaciones conocidas"}], "id": "CVE-2022-39303", "lastModified": "2024-11-21T07:17:59.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-13T23:15:11.333", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7."}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7."}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}