CVE-2022-3607

low-risk
Published 2022-10-19

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Octoprint

References (4)

Patch https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b...
Exploit https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
Patch https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b...
Exploit https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal