CVE-2022-23529
Apache Not a Vulnerability
Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.
INFO
Published Date :
Dec. 21, 2022, 9:15 p.m.
Last Modified :
Nov. 7, 2023, 3:44 a.m.
Remotely Exploit :
No
Source :
[email protected]
Solution
- n\a
Public PoC/Exploit Available at Github
CVE-2022-23529 has a 55 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Intentionally vulnerable app to trigger CodeQL, Dependabot, Secret Scanning, and other security scanning tools.
Dockerfile JavaScript HCL
None
JavaScript
None
JavaScript HTML CSS Dockerfile
None
JavaScript
A Claude Code plugin marketplace for solo agency operators. Six squads covering engineering, marketing, sales, design, project management, and security.
claude-code claude-code-plugin claude-code-skill agency agency-tools marketing marketing-automation productivity seo developer-tools
Shell JavaScript Batchfile
None
Dockerfile TypeScript HCL Shell Python
None
HTML TypeScript
A fast, zero-config CLI tool that scans your project dependencies and Dockerfiles for known security vulnerabilities — across 8 ecosystems, powered by free public vulnerability databases, with AI-powered analysis and scheduled scanning.
cli-tool cve dependency-check devsecops npm-audit open-source-security osv pip-audit python sca security supply-chain-security vulnerability-scanner
Python
Scan projects for CVEs in AI-generated dependencies. Zero API calls. Works offline.
Python
None
None
JavaScript
None
Dockerfile JavaScript
Just a Demo file
JavaScript
SAST Demo Projects - Intentionally vulnerable applications for demonstrating and evaluating Static Application Security Testing (SAST) tools
Python TypeScript Java
Your AI executive team on Discord. 7 specialized agents — Engineering, Finance, Marketing, DevOps, Legal, Management, Chief of Staff. One-click setup on any free-tier server. Built on Clawdbot.
ai ai-agents clawdbot discord discord-bot multi-agent ai-team automation discord-bots free-tier self-hosted executive-team browser-automation cron-jobs devops github-actions llm notion open-source tts
Shell Dockerfile JavaScript HTML TypeScript CSS
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-23529 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-23529 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Changed Description ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. -
CVE Modified by [email protected]
Jan. 27, 2023
Action Type Old Value New Value Changed Description node-jsonwebtoken is a JsonWebToken implementation for node.js. For versions `<= 8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine. Users are affected only if untrusted entities are allowed to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. This issue has been fixed, please update to version 9.0.0. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. Removed CVSS V3.1 GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Removed CVSS V3.1 Reason A-No limiting factors Removed CVSS V3.1 Reason C-No limiting factors Removed CVSS V3.1 Reason PR-No privileges needed Removed Reference https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 [Patch, Third Party Advisory] Removed Reference https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q [Third Party Advisory] Removed CWE GitHub, Inc. CWE-20 -
CVE Rejected by [email protected]
Jan. 27, 2023
Action Type Old Value New Value -
Initial Analysis by [email protected]
Dec. 30, 2022
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 No Types Assigned https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 Patch, Third Party Advisory Changed Reference Type https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q No Types Assigned https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q Third Party Advisory Added CPE Configuration OR *cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:* versions up to (including) 8.5.1