CVE-2022-3869 — Froxlor vulnerable to code injection

Description

Code Injection in GitHub repository froxlor/froxlor prior to version 0.10.38.2. There are currently no known workarounds, please upgrade to version 0.10.38.2.

How to fix CVE-2022-3869

To remediate CVE-2022-3869, upgrade the affected package to a fixed version below.

Packagist/froxlor/froxlor—upgrade to 0.10.38.2 or later

Is CVE-2022-3869 being exploited?

Moderate — EPSS is 14.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 0.10.38.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-3869
WEBgithub.com/froxlor/froxlor
WEBgithub.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
WEBhuntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b