Vulnerability DatabaseCVE-2022-3971
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-3971
November 13, 2022
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability.
Affected Packages
matrix-appservice-irc (NPM):
Affected version(s) >=0.1.0 <0.36.0
Fix Suggestion:
Update to version 0.36.0
Related Resources (6)
https://github.com/matrix-org/matrix-appservice-irc
https://nvd.nist.gov/vuln/detail/CVE-2022-3971
https://github.com/matrix-org/matrix-appservice-irc/pull/1619
https://vuldb.com/?id.213550
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.36.0
https://github.com/matrix-org/matrix-appservice-irc/commit/179313a37f06b298150edba3e2b0e5a73c1415e7
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.6
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improper Neutralization
CWE-707
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89
EPSS
Base Score:
0.24