Skip to content

pyRdfa3 Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Dec 10, 2022 to the GitHub Advisory Database • Updated Apr 8, 2024

Package

pip pyRdfa3 (pip)

Affected versions

<= 3.5.3

Patched versions

3.6.2

Description

A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability.

References

Published by the National Vulnerability Database Dec 10, 2022
Published to the GitHub Advisory Database Dec 10, 2022
Reviewed Dec 13, 2022
Last updated Apr 8, 2024

Severity

Moderate
5.4
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2022-4396

GHSA ID

GHSA-894q-wpg5-mf2h

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.