Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for tooljet/tooljet by tooljet

    CVE-2022-4111 (GCVE-0-2022-4111)

    Vulnerability from nvd – Published: 2022-11-22 00:00 – Updated: 2025-04-24 20:07
    VLAI
    Title
    Improper Validation of Specified Quantity in Input in tooljet/tooljet
    Summary
    Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.27.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4111",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T20:07:11.606695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T20:07:23.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.27.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnrestricted file size limit can lead to DoS in tooljet/tooljet \u0026lt;1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted file size limit can lead to DoS in tooljet/tooljet \u003c1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T07:05:11.102Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
            },
            {
              "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
            }
          ],
          "source": {
            "advisory": "5596d072-66d2-4361-8cac-101c9c781c3d",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Validation of Specified Quantity in Input in tooljet/tooljet",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4111",
        "datePublished": "2022-11-22T00:00:00.000Z",
        "dateReserved": "2022-11-22T00:00:00.000Z",
        "dateUpdated": "2025-04-24T20:07:23.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3422 (GCVE-0-2022-3422)

    Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-03 01:07
    VLAI
    Title
    Improper Privilege Management in tooljet/tooljet
    Summary
    Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.26.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/02da53ab-f613-4171-8766-96b31c671551"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/7879d8a76000c014533a97a22bc276afe3ae3e54"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.26.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/02da53ab-f613-4171-8766-96b31c671551"
            },
            {
              "url": "https://github.com/tooljet/tooljet/commit/7879d8a76000c014533a97a22bc276afe3ae3e54"
            }
          ],
          "source": {
            "advisory": "02da53ab-f613-4171-8766-96b31c671551",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Privilege Management in tooljet/tooljet"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3422",
        "datePublished": "2022-10-07T00:00:00.000Z",
        "dateReserved": "2022-10-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:07:06.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3348 (GCVE-0-2022-3348)

    Vulnerability from nvd – Published: 2022-09-28 08:40 – Updated: 2025-05-21 14:15
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet
    Summary
    Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.26.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T14:15:21.283898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:15:29.849Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.26.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Just like in the previous report, an attacker could steal the account of different users. But in this case, it\u0027s a little bit more specific, because it is needed to be an editor in the same app as the victim."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T08:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
            }
          ],
          "source": {
            "advisory": "aae4aeb8-2612-4254-85e5-90675b082eac",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3348",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.26.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Just like in the previous report, an attacker could steal the account of different users. But in this case, it\u0027s a little bit more specific, because it is needed to be an editor in the same app as the victim."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
                }
              ]
            },
            "source": {
              "advisory": "aae4aeb8-2612-4254-85e5-90675b082eac",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3348",
        "datePublished": "2022-09-28T08:40:09.000Z",
        "dateReserved": "2022-09-28T00:00:00.000Z",
        "dateUpdated": "2025-05-21T14:15:29.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3019 (GCVE-0-2022-3019)

    Vulnerability from nvd – Published: 2022-08-29 05:30 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Improper Access Control in tooljet/tooljet
    Summary
    The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < 1.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "1.23.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id\u0027s might also be an option but I wouldn\u0027t count on it, since it would take a long time to find a valid one)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-29T05:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
            }
          ],
          "source": {
            "advisory": "a610300b-ce3c-4995-8337-11942b3621bf",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3019",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.23.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id\u0027s might also be an option but I wouldn\u0027t count on it, since it would take a long time to find a valid one)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
                }
              ]
            },
            "source": {
              "advisory": "a610300b-ce3c-4995-8337-11942b3621bf",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3019",
        "datePublished": "2022-08-29T05:30:12.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2631 (GCVE-0-2022-2631)

    Vulnerability from nvd – Published: 2022-08-02 16:05 – Updated: 2024-08-03 00:46
    VLAI
    Title
    Improper Access Control in tooljet/tooljet
    Summary
    Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.19.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.19.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T16:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
            }
          ],
          "source": {
            "advisory": "86881f9e-ca48-49b5-9782-3c406316930c",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2631",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.19.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
                }
              ]
            },
            "source": {
              "advisory": "86881f9e-ca48-49b5-9782-3c406316930c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2631",
        "datePublished": "2022-08-02T16:05:57.000Z",
        "dateReserved": "2022-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:46:03.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2037 (GCVE-0-2022-2037)

    Vulnerability from nvd – Published: 2022-06-09 08:20 – Updated: 2024-08-03 00:24
    VLAI
    Title
    Excessive Attack Surface in tooljet/tooljet
    Summary
    Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.16.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.16.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1125",
                  "description": "CWE-1125 Excessive Attack Surface",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-09T08:20:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
            }
          ],
          "source": {
            "advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
            "discovery": "EXTERNAL"
          },
          "title": "Excessive Attack Surface in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2037",
              "STATE": "PUBLIC",
              "TITLE": "Excessive Attack Surface in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.16.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1125 Excessive Attack Surface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
                }
              ]
            },
            "source": {
              "advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2037",
        "datePublished": "2022-06-09T08:20:12.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4111 (GCVE-0-2022-4111)

    Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-24 20:07
    VLAI
    Title
    Improper Validation of Specified Quantity in Input in tooljet/tooljet
    Summary
    Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.27.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4111",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T20:07:11.606695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T20:07:23.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.27.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnrestricted file size limit can lead to DoS in tooljet/tooljet \u0026lt;1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted file size limit can lead to DoS in tooljet/tooljet \u003c1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T07:05:11.102Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
            },
            {
              "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
            }
          ],
          "source": {
            "advisory": "5596d072-66d2-4361-8cac-101c9c781c3d",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Validation of Specified Quantity in Input in tooljet/tooljet",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4111",
        "datePublished": "2022-11-22T00:00:00.000Z",
        "dateReserved": "2022-11-22T00:00:00.000Z",
        "dateUpdated": "2025-04-24T20:07:23.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3422 (GCVE-0-2022-3422)

    Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-03 01:07
    VLAI
    Title
    Improper Privilege Management in tooljet/tooljet
    Summary
    Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.26.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/02da53ab-f613-4171-8766-96b31c671551"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/7879d8a76000c014533a97a22bc276afe3ae3e54"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.26.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/02da53ab-f613-4171-8766-96b31c671551"
            },
            {
              "url": "https://github.com/tooljet/tooljet/commit/7879d8a76000c014533a97a22bc276afe3ae3e54"
            }
          ],
          "source": {
            "advisory": "02da53ab-f613-4171-8766-96b31c671551",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Privilege Management in tooljet/tooljet"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3422",
        "datePublished": "2022-10-07T00:00:00.000Z",
        "dateReserved": "2022-10-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:07:06.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3348 (GCVE-0-2022-3348)

    Vulnerability from cvelistv5 – Published: 2022-09-28 08:40 – Updated: 2025-05-21 14:15
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet
    Summary
    Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.26.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T14:15:21.283898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:15:29.849Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.26.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Just like in the previous report, an attacker could steal the account of different users. But in this case, it\u0027s a little bit more specific, because it is needed to be an editor in the same app as the victim."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T08:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
            }
          ],
          "source": {
            "advisory": "aae4aeb8-2612-4254-85e5-90675b082eac",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3348",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.26.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Just like in the previous report, an attacker could steal the account of different users. But in this case, it\u0027s a little bit more specific, because it is needed to be an editor in the same app as the victim."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/aae4aeb8-2612-4254-85e5-90675b082eac"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/37bf6de75f161e03c2a81888810488b913863a46"
                }
              ]
            },
            "source": {
              "advisory": "aae4aeb8-2612-4254-85e5-90675b082eac",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3348",
        "datePublished": "2022-09-28T08:40:09.000Z",
        "dateReserved": "2022-09-28T00:00:00.000Z",
        "dateUpdated": "2025-05-21T14:15:29.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3019 (GCVE-0-2022-3019)

    Vulnerability from cvelistv5 – Published: 2022-08-29 05:30 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Improper Access Control in tooljet/tooljet
    Summary
    The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < 1.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "1.23.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id\u0027s might also be an option but I wouldn\u0027t count on it, since it would take a long time to find a valid one)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-29T05:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
            }
          ],
          "source": {
            "advisory": "a610300b-ce3c-4995-8337-11942b3621bf",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3019",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.23.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id\u0027s might also be an option but I wouldn\u0027t count on it, since it would take a long time to find a valid one)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79"
                }
              ]
            },
            "source": {
              "advisory": "a610300b-ce3c-4995-8337-11942b3621bf",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3019",
        "datePublished": "2022-08-29T05:30:12.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2631 (GCVE-0-2022-2631)

    Vulnerability from cvelistv5 – Published: 2022-08-02 16:05 – Updated: 2024-08-03 00:46
    VLAI
    Title
    Improper Access Control in tooljet/tooljet
    Summary
    Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.19.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.19.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T16:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
            }
          ],
          "source": {
            "advisory": "86881f9e-ca48-49b5-9782-3c406316930c",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2631",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.19.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7"
                }
              ]
            },
            "source": {
              "advisory": "86881f9e-ca48-49b5-9782-3c406316930c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2631",
        "datePublished": "2022-08-02T16:05:57.000Z",
        "dateReserved": "2022-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:46:03.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2037 (GCVE-0-2022-2037)

    Vulnerability from cvelistv5 – Published: 2022-06-09 08:20 – Updated: 2024-08-03 00:24
    VLAI
    Title
    Excessive Attack Surface in tooljet/tooljet
    Summary
    Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tooljet tooljet/tooljet Affected: unspecified , < v1.16.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "tooljet/tooljet",
              "vendor": "tooljet",
              "versions": [
                {
                  "lessThan": "v1.16.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1125",
                  "description": "CWE-1125 Excessive Attack Surface",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-09T08:20:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
            }
          ],
          "source": {
            "advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
            "discovery": "EXTERNAL"
          },
          "title": "Excessive Attack Surface in tooljet/tooljet",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2037",
              "STATE": "PUBLIC",
              "TITLE": "Excessive Attack Surface in tooljet/tooljet"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "tooljet/tooljet",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v1.16.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tooljet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1125 Excessive Attack Surface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"
                },
                {
                  "name": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b",
                  "refsource": "MISC",
                  "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"
                }
              ]
            },
            "source": {
              "advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2037",
        "datePublished": "2022-06-09T08:20:12.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }