Improper Cleanup on Thrown Exception Affecting rdiffweb package, versions [2.4.6,2.4.8)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.05% (21st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-RDIFFWEB-3033165
- published 26 Sep 2022
- disclosed 26 Sep 2022
- credit Nehalr777
Introduced: 26 Sep 2022
CVE-2022-3301 Open this link in a new tabHow to fix?
Upgrade rdiffweb
to version 2.4.8 or higher.
Overview
rdiffweb is an A web interface to rdiff-backup repositories.
Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception due to the webpage reflecting an invalid path which allows an attacker to inject malicious data into the page of a web application to feed misleading information to users of the application.