{"vulnerability": "cve-2022-2592", "sightings": [{"uuid": "a2e740d9-a0ec-49a8-ba48-0b9864cd6e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-25927", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mhdo3de6y72z", "content": "", "creation_timestamp": "2026-03-18T14:10:12.346837Z"}, {"uuid": "cc5edc3e-d2b4-48df-807c-b9cdf447a8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-25927", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mf5e4b4px32q", "content": "", "creation_timestamp": "2026-02-18T15:05:24.453977Z"}, {"uuid": "94c2df3d-4fe8-4cb2-a334-6993cd55740c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25927", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-prodotti-atlassian", "content": "", "creation_timestamp": "2026-02-20T13:38:22.000000Z"}, {"uuid": "2ab98ac1-b85e-4911-81e1-8ddd3b8ac211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2592", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16204", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2592\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T19:16:27.656Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/362566\n2. https://hackerone.com/reports/1544507\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json", "creation_timestamp": "2025-05-13T19:30:59.000000Z"}, {"uuid": "e734b143-7a07-4465-bd54-be8e6d53a873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25927", "type": "seen", "source": "https://t.me/cibsecurity/57006", "content": "\u203c CVE-2022-25927 \u203c\n\nVersions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:46:58.000000Z"}, {"uuid": "e5d25449-3d61-4efd-80a5-ae788eb93961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25926", "type": "seen", "source": "https://t.me/cibsecurity/55906", "content": "\u203c CVE-2022-25926 \u203c\n\nVersions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T20:18:16.000000Z"}, {"uuid": "efa97cd5-5374-4eba-aa65-8351cbfd528c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25929", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12140", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25929\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P)\n\ud83d\udd39 Description: The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.\n\ud83d\udccf Published: 2022-12-21T23:14:33.786Z\n\ud83d\udccf Modified: 2025-04-16T18:32:19.005Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368\n3. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369\n4. https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb9606a98\n5. https://github.com/joewalnes/smoothie/pull/147", "creation_timestamp": "2025-04-16T18:56:19.000000Z"}, {"uuid": "dcf69a40-e761-4d91-b22d-d4412e075be9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25929", "type": "seen", "source": "https://t.me/cibsecurity/55038", "content": "\u203c CVE-2022-25929 \u203c\n\nThe package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T07:12:42.000000Z"}, {"uuid": "a5c1762a-1a4f-4d44-94d5-6a76915acab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2592", "type": "seen", "source": "https://t.me/cibsecurity/51606", "content": "\u203c CVE-2022-2592 \u203c\n\nA lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T22:57:33.000000Z"}, {"uuid": "3d4da42b-e2eb-4e63-85e9-3b58dde8ef3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25927", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0314/", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}]}