CVE-2022-23529
Apache Not a Vulnerability
Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.
INFO
Published Date :
Dec. 21, 2022, 9:15 p.m.
Last Modified :
Nov. 7, 2023, 3:44 a.m.
Remotely Exploit :
No
Source :
[email protected]
Solution
- n\a
Public PoC/Exploit Available at Github
CVE-2022-23529 has a 11 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This is a sample repo with vulnerable docker files and others
Go Java Dockerfile JavaScript Python C# PHP
None
Python C# Go Java JavaScript PHP Dockerfile
None
None
工具书单
Perl Shell
CVE-2022-23529-PoC
JavaScript
None
JavaScript Pug
None
Dockerfile Python JavaScript
None
This project is about creating a website for the mighty Pong contest! Users can play Pong with others. The website provides a nice user interface, a chat, and real-time multiplayer online games!
Shell JavaScript Dockerfile TypeScript HTML Vue Makefile CSS
test 反向辣鸡数据投放 CVE-2022-23305 工具 利用 教程 Exploit POC
cve-2020-
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-23529
vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-23529
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Changed Description ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. -
CVE Modified by [email protected]
Jan. 27, 2023
Action Type Old Value New Value Changed Description node-jsonwebtoken is a JsonWebToken implementation for node.js. For versions `<= 8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine. Users are affected only if untrusted entities are allowed to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. This issue has been fixed, please update to version 9.0.0. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. Removed CVSS V3.1 GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Removed CVSS V3.1 Reason A-No limiting factors Removed CVSS V3.1 Reason C-No limiting factors Removed CVSS V3.1 Reason PR-No privileges needed Removed Reference https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 [Patch, Third Party Advisory] Removed Reference https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q [Third Party Advisory] Removed CWE GitHub, Inc. CWE-20 -
CVE Rejected by [email protected]
Jan. 27, 2023
Action Type Old Value New Value -
Initial Analysis by [email protected]
Dec. 30, 2022
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 No Types Assigned https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 Patch, Third Party Advisory Changed Reference Type https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q No Types Assigned https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q Third Party Advisory Added CPE Configuration OR *cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:* versions up to (including) 8.5.1