Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-25881

Published: 31/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Http-cache-semantics

Vulnerability Summary

This affects versions of the package http-cache-semantics prior to 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

http-cache-semantics project http-cache-semantics

Vendor Advisories

Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 265 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 265 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 216 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 216 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Synopsis Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9 ...
Red Hat: Moderate: nodejs:18 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 258 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 258 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 208 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 208 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Important: rh-nodejs14-nodejs security, bug fix, and enhancement update
Synopsis Important: rh-nodejs14-nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-nodejs14-nodejs is now available for Red Hat Software CollectionsRed Hat P ...
Red Hat: Critical: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes
Synopsis Critical: Multicluster Engine for Kubernetes 223 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 223 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Important: nodejs security, bug fix, and enhancement update
Synopsis Important: nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat P ...
Red Hat: Important: Service Registry (container images) release and security update [2.4.3 GA]
Synopsis Important: Service Registry (container images) release and security update [243 GA] Type/Severity Security Advisory: Important Topic An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog The purpose of this text-only errata is to inform you about the security issues ...
Red Hat: Moderate: nodejs:16 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Se ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.7.3 security fixes and bug fixes
Synopsis Critical: Red Hat Advanced Cluster Management 273 security fixes and bug fixes Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 273 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a s ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 86 Extended Update ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 84 Extended Update ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: This affects versions of the package http-cache-semantics before 411 The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library ...

Github Repositories

https://github.com/mhc-cs/cs-316-project-primespiders

cs-316-project-primespiders created by GitHub Classroom

Recovery Ventures This repository holds a React app and an Express app used for the Recovery Ventures website This repository is not being actively maintained and has known security vulnerabilities so it is being archived Knwon vulnerabilities: http-cache-semantics - CVE-2022-25881 sequelize - multiple vulnerabilities dns-packet - CVE-2021-23386 How to Run Recovery Ventures

References

CWE-1333https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332https://security.netapp.com/advisory/ntap-20230622-0008/https://nvd.nist.govhttps://github.com/mhc-cs/cs-316-project-primespidershttps://access.redhat.com/errata/RHSA-2023:2083https://access.redhat.com/security/cve/cve-2022-25881
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook