CVE-2019-25089

low-risk

Published 2022-12-27

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Muon

Affected Vendors

Muon Project

References (8)

Patch https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f

Issue Tracking https://github.com/Morgawr/Muon/issues/4

Third Party Advisory https://vuldb.com/?ctiid.216877

Third Party Advisory https://vuldb.com/?id.216877

Patch https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f

Issue Tracking https://github.com/Morgawr/Muon/issues/4

Third Party Advisory https://vuldb.com/?ctiid.216877

Third Party Advisory https://vuldb.com/?id.216877

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal