Vulnerability Details: CVE-2023-0247
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
Exploit prediction scoring system (EPSS) score for CVE-2023-0247
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 %
CVSS scores for CVE-2023-0247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | huntr.dev |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2023-0247
- The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
  Assigned by: security@huntr.dev (Primary)
References for CVE-2023-0247
- https://huntr.dev/bounties/cab50e44-0995-4ac1-a5d5-889293b9704f
  RCE due to a dependency confusion vulnerability found in bloom (Exploit; Patch; Third Party Advisory)
- https://github.com/bits-and-blooms/bloom/commit/658f1393d4c52254a3d22f5f64f217405ec5fefb
  Updating go.mod/go.sum · bits-and-blooms/bloom@658f139 · GitHub (Patch; Third Party Advisory)
Products affected by CVE-2023-0247
- cpe:2.3:a:bloom_project:bloom:*:*:*:*:*:go:*:*