ExploitCVE-2022-3607
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
Published: Oct 19, 2022 / Updated: 25mo ago
010
CVSS 6EPSS 0.04%Medium
CVE info copied to clipboard
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2022-3607. See article
Oct 19, 2022 at 1:46 PM / nitter.net
EPSS
EPSS Score was set to: 0.04% (Percentile: 7.2%)
Sep 24, 2023 at 4:35 AM
Affected Systems
Octoprint/octoprint
+null more
Exploits
https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
+null more
Patches
github.com
+null more
Links to Mitre Att&cks
T1562.003: Impair Command History Logging
+null more
Attack Patterns
CAPEC-10: Buffer Overflow via Environment Variables
+null more
Vendor Advisory
OctoPrint vulnerable to Special Element Injection
GitHub Security Advisory: GHSA-rj5f-vm79-5j84 Release Date: 2022-10-19 Update Date: 2022-10-21 Severity: Moderate CVE-2022-3607 Base Score: 6.0 Vector String: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Package Information Package: OctoPrint Affected Versions: Patched Versions: 1.8.3 Description OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
News
xcorail closed an issue in github/securitylab
xcorail closed an issue in github/securitylab · [Python] Unsafe Unpacking and TarSlip bug slaying #759 CVE(s) ID list CVE-2022-23522 CVE-2023-30620 CVE-2023-31131 CVE-2022-23530 CVE-2022-3607 All For One submission #719 Details The criticality sco… 10 comments
CVE-2022-3607 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3607
CVE-2022-3607 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. cve.mitre.org/cgi-bin/cvenam…
OctoPrint vulnerable to Special Element Injection
GitHub Security Advisory: GHSA-rj5f-vm79-5j84 Release Date: 2022-10-19 Update Date: 2022-10-21 Severity: Moderate CVE-2022-3607 Base Score: 6.0 Vector String: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Package Information Package: OctoPrint Affected Versions: Patched Versions: 1.8.3 Description OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
CVE-2022-3607
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. (CVSS:0.0) (Last Update:2022-10-20)
CVE-2022-3607 Exploit
CVE Id : CVE-2022-3607 Published Date: 2022-10-20T19:33:00+00:00 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. inTheWild added a link to an exploit: https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
See 12 more articles and social media posts