Vulnerabilites related to AdminerEvo - AdminerEvo
cve-2023-45195
Vulnerability from cvelistv5
Published
2024-06-24 21:06
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Adminer | Adminer |
Version: 0 < Version: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-45195", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-25T14:34:53.587598Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-25T14:35:33.373Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "Adminer", vendor: "Adminer", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, { cpes: [ "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "AdminerEvo", repo: "https://github.com/adminerevo/adminerevo", vendor: "AdminerEvo", versions: [ { lessThan: "4.8.4", status: "affected", version: "4.8.2", versionType: "custom", }, { lessThan: "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, ], datePublic: "2024-04-07T15:37:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. <span style=\"background-color: var(--wht);\">Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.</span></p><p></p>", }, ], value: "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.", }, ], metrics: [ { cvssV4_0: { Automatable: "YES", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "LOW", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-24T21:06:09.735Z", orgId: "9119a7d8-5eab-497f-8521-727c672e3725", shortName: "cisa-cg", }, references: [ { tags: [ "patch", ], url: "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc", }, ], source: { discovery: "UNKNOWN", }, title: "Adminer and AdminerEvo SSRF", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9119a7d8-5eab-497f-8521-727c672e3725", assignerShortName: "cisa-cg", cveId: "CVE-2023-45195", datePublished: "2024-06-24T21:06:09.735Z", dateReserved: "2023-10-05T03:54:13.664Z", dateUpdated: "2024-08-02T20:14:19.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45197
Vulnerability from cvelistv5
Published
2024-06-21 14:28
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Adminer | Adminer |
Version: 0 < Version: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-45197", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-21T16:13:59.794884Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-21T16:14:14.814Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.841Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4", }, { tags: [ "release-notes", "x_transferred", ], url: "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "Adminer", vendor: "Adminer", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, { cpes: [ "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "AdminerEvo", programFiles: [ "plugins/file-upload.php", ], repo: "https://github.com/adminerevo/adminerevo", vendor: "AdminerEvo", versions: [ { lessThan: "4.8.3", status: "affected", version: "4.8.2", versionType: "custom", }, { lessThan: "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, ], datePublic: "2023-10-29T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.</p>", }, ], value: "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.", }, ], metrics: [ { cvssV4_0: { Automatable: "YES", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 9.2, baseSeverity: "CRITICAL", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-24T20:27:12.198Z", orgId: "9119a7d8-5eab-497f-8521-727c672e3725", shortName: "cisa-cg", }, references: [ { tags: [ "patch", ], url: "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4", }, { tags: [ "release-notes", ], url: "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3", }, ], source: { discovery: "UNKNOWN", }, title: "Adminer and AdminerEvo vulnerable to directory traversal and file upload", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9119a7d8-5eab-497f-8521-727c672e3725", assignerShortName: "cisa-cg", cveId: "CVE-2023-45197", datePublished: "2024-06-21T14:28:36.476Z", dateReserved: "2023-10-05T03:54:13.664Z", dateUpdated: "2024-08-02T20:14:19.841Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45196
Vulnerability from cvelistv5
Published
2024-06-24 20:48
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Adminer | Adminer |
Version: 0 < Version: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-45196", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-25T13:20:08.611689Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-25T13:20:53.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:14:20.034Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "Adminer", vendor: "Adminer", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, { cpes: [ "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "AdminerEvo", repo: "https://github.com/adminerevo/adminerevo", vendor: "AdminerEvo", versions: [ { lessThan: "4.8.4", status: "affected", version: "4.8.2", versionType: "custom", }, { lessThan: "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*", status: "affected", version: "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*", versionType: "cpe", }, ], }, ], datePublic: "2024-04-07T15:37:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p></p><p></p><p>Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. <span style=\"background-color: var(--wht);\">Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.</span></p><p></p><p></p>", }, ], value: "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.", }, ], metrics: [ { cvssV4_0: { Automatable: "YES", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-24T20:48:21.534Z", orgId: "9119a7d8-5eab-497f-8521-727c672e3725", shortName: "cisa-cg", }, references: [ { tags: [ "patch", ], url: "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6", }, ], source: { discovery: "UNKNOWN", }, title: "Adminer and AdminerEvo denial of service via HTTP redirect", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9119a7d8-5eab-497f-8521-727c672e3725", assignerShortName: "cisa-cg", cveId: "CVE-2023-45196", datePublished: "2024-06-24T20:48:21.534Z", dateReserved: "2023-10-05T03:54:13.664Z", dateUpdated: "2024-08-02T20:14:20.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-06-21 15:15
Modified
2024-11-21 08:26
Severity ?
Summary
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adminerevo | adminerevo | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:adminerevo:adminerevo:*:*:*:*:*:*:*:*", matchCriteriaId: "DCD7F783-BAAA-4824-AE44-CC5D0FE9D14F", versionEndExcluding: "4.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.", }, { lang: "es", value: "El complemento de carga de archivos en Adminer y AdminerEvo permite a un atacante cargar un archivo con un nombre de tabla \"...\" en la raíz del directorio de Adminer. El atacante puede adivinar efectivamente el nombre del archivo cargado y ejecutarlo. Adminer ya no es compatible, pero este problema se solucionó en la versión 4.8.3 de AdminerEvo.", }, ], id: "CVE-2023-45197", lastModified: "2024-11-21T08:26:31.893", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "YES", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 9.2, baseSeverity: "CRITICAL", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "9119a7d8-5eab-497f-8521-727c672e3725", type: "Secondary", }, ], }, published: "2024-06-21T15:15:15.647", references: [ { source: "9119a7d8-5eab-497f-8521-727c672e3725", tags: [ "Patch", ], url: "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4", }, { source: "9119a7d8-5eab-497f-8521-727c672e3725", url: "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3", }, ], sourceIdentifier: "9119a7d8-5eab-497f-8521-727c672e3725", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, { lang: "en", value: "CWE-434", }, ], source: "9119a7d8-5eab-497f-8521-727c672e3725", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }