CVE-2024-46503 - Vulnerability Details

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Subscriptions

No data.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Thu, 10 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-22
References	https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462 https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63
Metrics	cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Thu, 10 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:simple-spellchecker:simple-spellchecker::::::::
Vendors & Products	Simple-spellchecker Simple-spellchecker simple-spellchecker
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 10 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description	An issue in the _readFileSync function of Simple Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. NOTE: this is disputed by multiple parties because the existence of _readFile and _readFileSync does not mean that Simple Spellchecker is intended for use with untrusted file_path values.	DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
References	https://github.com/cisagov/vulnrichment/issues/120 https://github.com/jfmdev/simple-spellchecker/blob/68ce326b60fe156259fbebb2a396ecf48498ce52/index.js#L70-L91 https://www.npmjs.com/package/simple-spellchecker

Thu, 10 Oct 2024 13:45:00 +0000

Type	Values Removed	Values Added
Description	An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.	An issue in the _readFileSync function of Simple Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. NOTE: this is disputed by multiple parties because the existence of _readFile and _readFileSync does not mean that Simple Spellchecker is intended for use with untrusted file_path values.
References		https://github.com/cisagov/vulnrichment/issues/120 https://github.com/jfmdev/simple-spellchecker/blob/68ce326b60fe156259fbebb2a396ecf48498ce52/index.js#L70-L91 https://www.npmjs.com/package/simple-spellchecker

Tue, 08 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Simple-spellchecker simple-spellchecker
CPEs	cpe:2.3:a:simple-spellchecker:_readfilesync_function::::::::	cpe:2.3:a:simple-spellchecker:simple-spellchecker::::::::
Vendors & Products	Simple-spellchecker Readfilesync Function	Simple-spellchecker simple-spellchecker

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 01 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Simple-spellchecker Simple-spellchecker Readfilesync Function
Weaknesses		CWE-22
CPEs		cpe:2.3:a:simple-spellchecker:_readfilesync_function::::::::
Vendors & Products		Simple-spellchecker Simple-spellchecker Readfilesync Function
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Sep 2024 21:15:00 +0000

Type	Values Removed	Values Added
Description		An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.
References		https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462 https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63

MITRE

Status: REJECTED

Assigner: mitre

Published: 2024-09-30T00:00:00.000Z

Updated: 2024-10-10T13:42:07.709Z

Reserved: 2024-09-11T00:00:00.000Z

Link: CVE-2024-46503

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-09-30T21:15:03.590

Modified: 2024-10-10T14:15:05.183

Link: CVE-2024-46503

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object