Lucene search

GoogleOSV:CVE-2022-38900

HistoryNov 28, 2022 - 1:15 p.m.

CVE-2022-38900

2022-11-2813:15:10

Google

osv.dev

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

CPENameOperatorVersion
decode-uri-componenteq0.2.0
decode-uri-componenteq0.1.0

CPE	Name	Operator	Version
	decode-uri-component	eq	0.2.0
	decode-uri-component	eq	0.1.0

References

github.com/SamVerschueren/decode-uri-component/issues/5

github.com/sindresorhus/query-string/issues/345

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/