CVE-2023-50728

Published: 15/12/2023 Updated: 19/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in version 9.26.0 and prior to versions 9.26.3, 10.9.2, 11.1.2, and 12.0.4, error handling in the @octokit/webhooks library is flawed because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the Node.js process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Probot 12.3.3.

Vulnerable Product

octokit octokit

octokit app 14.0.1

octokit webhooks

probot probot

Vendor Advisories

Description: An uncaught exception vulnerability was found in octokit webhooks. An error may be undefined in some cases, and the resulting request can cause an uncaught exception that ends the Node.js process.