
    2 vulnerabilities by metarhia

    CVE-2022-21122 (GCVE-0-2022-21122)

    Vulnerability from nvd – Published: 2022-06-03 20:05 – Updated: 2024-09-16 19:56
    Title
    Arbitrary Code Execution
    Summary
    Versions of the package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when the package exposes JavaScript's Math class to the v8 context. Because the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor, which in turn can be used to run arbitrary code.
    CWE
    • Arbitrary Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    n/a metacalc Affected: unspecified , < 0.0.2 (custom)
    Date Public
    2022-06-03 00:00
    Credits
    Vladyslav Dukhin

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metarhia/metacalc/pull/16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "metacalc",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vladyslav Dukhin"
            }
          ],
          "datePublic": "2022-06-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript\u0027s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript\u0027s Function constructor."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-03T20:05:12.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metarhia/metacalc/pull/16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
            }
          ],
          "title": "Arbitrary Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2022-06-03T20:00:06.343033Z",
              "ID": "CVE-2022-21122",
              "STATE": "PUBLIC",
              "TITLE": "Arbitrary Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "metacalc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vladyslav Dukhin"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript\u0027s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript\u0027s Function constructor."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
                },
                {
                  "name": "https://github.com/metarhia/metacalc/pull/16",
                  "refsource": "MISC",
                  "url": "https://github.com/metarhia/metacalc/pull/16"
                },
                {
                  "name": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd",
                  "refsource": "MISC",
                  "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2022-21122",
        "datePublished": "2022-06-03T20:05:12.139Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:29.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21122 (GCVE-0-2022-21122)

    Vulnerability from cvelistv5 – Published: 2022-06-03 20:05 – Updated: 2024-09-16 19:56
    Title
    Arbitrary Code Execution
    Summary
    Versions of the package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when the package exposes JavaScript's Math class to the v8 context. Because the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor, which in turn can be used to run arbitrary code.
    CWE
    • Arbitrary Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    n/a metacalc Affected: unspecified , < 0.0.2 (custom)
    Date Public
    2022-06-03 00:00
    Credits
    Vladyslav Dukhin

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metarhia/metacalc/pull/16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "metacalc",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vladyslav Dukhin"
            }
          ],
          "datePublic": "2022-06-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript\u0027s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript\u0027s Function constructor."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-03T20:05:12.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metarhia/metacalc/pull/16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
            }
          ],
          "title": "Arbitrary Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2022-06-03T20:00:06.343033Z",
              "ID": "CVE-2022-21122",
              "STATE": "PUBLIC",
              "TITLE": "Arbitrary Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "metacalc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vladyslav Dukhin"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript\u0027s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript\u0027s Function constructor."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-METACALC-2826197"
                },
                {
                  "name": "https://github.com/metarhia/metacalc/pull/16",
                  "refsource": "MISC",
                  "url": "https://github.com/metarhia/metacalc/pull/16"
                },
                {
                  "name": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd",
                  "refsource": "MISC",
                  "url": "https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2022-21122",
        "datePublished": "2022-06-03T20:05:12.139Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:29.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }