DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References

No reference.

History

Thu, 10 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Thu, 10 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:simple-spellchecker:simple-spellchecker:*:*:*:*:*:*:*:*
Vendors & Products Simple-spellchecker
Simple-spellchecker simple-spellchecker
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
Description An issue in the _readFileSync function of Simple Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. NOTE: this is disputed by multiple parties because the existence of _readFile and _readFileSync does not mean that Simple Spellchecker is intended for use with untrusted file_path values. DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
References

Thu, 10 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. An issue in the _readFileSync function of Simple Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. NOTE: this is disputed by multiple parties because the existence of _readFile and _readFileSync does not mean that Simple Spellchecker is intended for use with untrusted file_path values.
References

Tue, 08 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Simple-spellchecker simple-spellchecker
CPEs cpe:2.3:a:simple-spellchecker:_readfilesync_function:*:*:*:*:*:*:*:* cpe:2.3:a:simple-spellchecker:simple-spellchecker:*:*:*:*:*:*:*:*
Vendors & Products Simple-spellchecker Readfilesync Function
Simple-spellchecker simple-spellchecker

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Simple-spellchecker
Simple-spellchecker Readfilesync Function
Weaknesses CWE-22
CPEs cpe:2.3:a:simple-spellchecker:_readfilesync_function:*:*:*:*:*:*:*:*
Vendors & Products Simple-spellchecker
Simple-spellchecker Readfilesync Function
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Sep 2024 21:15:00 +0000

Type Values Removed Values Added
Description An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.
References
cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2024-10-10T13:42:07.709461

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46503

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2024-09-30T21:15:03.590

Modified: 2024-10-10T14:15:05.183

Link: CVE-2024-46503

cve-icon Redhat

No data.