GHSA-258H-F687-4226

Vulnerability from github – Published: 2024-07-31 21:04 – Updated: 2024-11-12 19:39
Summary
PheonixAppAPI has visible Encoding Maps
Details

Impact

This is a moderate issue. The impact is not big for normal users, but it can be for users who want to secure their code, files, etc.

The issue is that the map of encoding/decoding languages is visible in the code.

Patches

The problem was patched in 0.2.5, so you should try to upgrade to version 0.2.5.

For 0.2.5 version users

Please run the post_install.py file inside the Scripts folder after downloading from pip.

Workarounds

There is a fix to this problem but it requires modifying the code. Modifying the code can lead to more issues.

References

There are currently no references to this problem.

NOTE: If you get an error regarding a function such as get_key(), please re-run the post_install.py file inside the Scripts folder.


{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PheonixAppAPI"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-31T21:04:28Z",
    "nvd_published_at": "2024-07-31T20:15:06Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThis is a kind of moderate issue. The impact is not big for normal users but can be for users who want to secure their code/files/etc.\n\nThe issue is that the map of encoding/decoding languages are visible in code. \n\n### Patches\nThe Problem was patched in 0.2.5, so you should try to upgrade to the 0.2.5 version.\n\n### For 0.2.5 version users\nPlease run the post_install.py file inside the Scripts folder after downloading from pip.\n\n### Workarounds\nThere is a fix to this problem but it requires modifying the code. Modifying the code can lead to more issues.\n\n### References\nThere are currently no references to this problem.\n\n### NOTE: If you get a error regarding a function like -\u003e get_key() or something like that, please re-run the file post_install.py inside Scripts folder\n",
  "id": "GHSA-258h-f687-4226",
  "modified": "2024-11-12T19:39:08Z",
  "published": "2024-07-31T21:04:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/AkshuDev/PheonixAppAPI/security/advisories/GHSA-258h-f687-4226"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41951"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AkshuDev/PheonixAppAPI/commit/0937419e323f5ea9013d43dc1b82fef9d7e05044"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/AkshuDev/PheonixAppAPI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PheonixAppAPI has visible Encoding Maps"
}

