CVE-2023-3551

Description

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

How to fix CVE-2023-3551

To remediate CVE-2023-3551, upgrade the affected package to a fixed version below.

• Packagist/nilsteampassnet/teampass—upgrade to 3.0.10 or later

Is CVE-2023-3551 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.0.10

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-3551
• PATCHgithub.com/nilsteampassnet/teampass
• WEBgithub.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f
• WEBhuntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7