CVE-2023-50728
MEDIUM
5,4
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: high
Description
AI Translation Available
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0048
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
755
Improper Handling of Exceptional Conditions
IncompleteCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Applicable Platforms
All platforms may be affected
Application
Webhooks by Octokit
Version Range Affected
From
12.0.0
(inclusive)
To
12.0.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webhooks by Octokit
Version Range Affected
From
11.0.0
(inclusive)
To
11.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webhooks by Octokit
Version Range Affected
To
9.26.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
App by Octokit
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:app:14.0.1:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webhooks by Octokit
Version Range Affected
From
10.0.0
(inclusive)
To
10.9.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:webhooks:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Probot by Probot
Version Range Affected
To
12.3.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:probot:probot:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Octokit by Octokit
Version Range Affected
To
3.1.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:octokit:octokit:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/octokit/app.js/releases/tag/v14.0.2
https://github.com/octokit/octokit.js/releases/tag/v3.1.2
https://github.com/octokit/webhooks.js/releases/tag/v10.9.2
https://github.com/octokit/webhooks.js/releases/tag/v11.1.2
https://github.com/octokit/webhooks.js/releases/tag/v12.0.4
https://github.com/octokit/webhooks.js/releases/tag/v9.26.3
https://github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv
https://github.com/probot/probot/releases/tag/v12.3.3
https://github.com/octokit/app.js/releases/tag/v14.0.2
https://github.com/octokit/octokit.js/releases/tag/v3.1.2
https://github.com/octokit/webhooks.js/releases/tag/v10.9.2
https://github.com/octokit/webhooks.js/releases/tag/v11.1.2
https://github.com/octokit/webhooks.js/releases/tag/v12.0.4
https://github.com/octokit/webhooks.js/releases/tag/v9.26.3
https://github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv
https://github.com/probot/probot/releases/tag/v12.3.3