CVE-2022-23923

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-23923
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JAILED-2391490 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JAILED-2391490 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:jailed_project:jailed:*:*:*:*:*:node.js:*:*
History

21 Nov 2024, 06:49

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8 		v2 : 7.5
v3 : 8.6
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JS-JAILED-2391490 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JS-JAILED-2391490 - Exploit, Third Party Advisory

11 May 2022, 15:52

Type Values Removed Values Added
References (MISC) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 - (MISC) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 - Exploit, Third Party Advisory
References (MISC) https://snyk.io/vuln/SNYK-JS-JAILED-2391490 - (MISC) https://snyk.io/vuln/SNYK-JS-JAILED-2391490 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:jailed_project:jailed:*:*:*:*:*:node.js:*:*

01 May 2022, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-01 16:15

Updated : 2024-11-21 06:49

NVD link : CVE-2022-23923

Mitre link : CVE-2022-23923

CVE.ORG link : CVE-2022-23923

JSON object : View

Products Affected

jailed_project

  • jailed
CWE
NVD-CWE-noinfo