← Back

CVE-2022-3959

nvd nist
Published: Nov 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464.

Affected (1)

Products: Drogon: Drogon
Drogon
1 product
Drogon
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Drogon
Before 1.8.2

Related CWEs

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (8)

Source: cna@vuldb.com
PatchThird Party Advisory
Source: cna@vuldb.com
PatchThird Party Advisory
Source: cna@vuldb.com
Release NotesThird Party Advisory
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.