Code Injection in hestiacp/hestiacp
CVE-2022-2636

8.5HIGH

Key Information:

Vendor

Hestiacp

Status
Hestiacp/hestiacp
Vendor
CVE Published:
5 August 2022

What is CVE-2022-2636?

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.

Affected Version(s)

hestiacp/hestiacp < 1.6.6

References

https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c...
x_refsource_MISC
https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.