CVE-2022-41875

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/airbnb/optica/security/advisories/GHSA-cf87-4h6x-phh6	Third Party Advisory
https://github.com/ohler55/oj/blob/develop/pages/Security.md	Third Party Advisory
https://www.rubydoc.info/gems/oj/3.0.2/Oj.safe_load	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:airbnb:optica:*:*:*:*:*:*:*:*

History

30 Nov 2022, 16:07

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/airbnb/optica/security/advisories/GHSA-cf87-4h6x-phh6 -~~	(CONFIRM) https://github.com/airbnb/optica/security/advisories/GHSA-cf87-4h6x-phh6 - Third Party Advisory
References	~~(MISC) https://www.rubydoc.info/gems/oj/3.0.2/Oj.safe_load -~~	(MISC) https://www.rubydoc.info/gems/oj/3.0.2/Oj.safe_load - Release Notes, Vendor Advisory
References	~~(MISC) https://github.com/ohler55/oj/blob/develop/pages/Security.md -~~	(MISC) https://github.com/ohler55/oj/blob/develop/pages/Security.md - Third Party Advisory
CPE		cpe:2.3:a:airbnb:optica::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

23 Nov 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-23 19:15

Updated : 2024-02-04 23:14

NVD link : CVE-2022-41875

Mitre link : CVE-2022-41875

CVE.ORG link : CVE-2022-41875

JSON object : View

Products Affected

airbnb

optica

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2022-41875", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2022-11-23T19:15:12.197", "references": [{"url": "https://github.com/airbnb/optica/security/advisories/GHSA-cf87-4h6x-phh6", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ohler55/oj/blob/develop/pages/Security.md", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.rubydoc.info/gems/oj/3.0.2/Oj.safe_load", "tags": ["Release Notes", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en Optica permite a atacantes no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de payloads JSON especialmente manipulados. Los payloads JSON especialmente manipulados pueden provocar RCE (ejecuci\u00f3n remota de c\u00f3digo) en el sistema atacado que ejecuta Optica. La vulnerabilidad se parch\u00f3 en la versi\u00f3n 0.10.2, donde la llamada a la funci\u00f3n `oj.load` se cambi\u00f3 a `oj.safe_load`."}], "lastModified": "2022-11-30T16:07:24.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:airbnb:optica:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1AD149-693B-486D-9001-0A754E47E80A", "versionEndExcluding": "0.10.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}