Vulnerability Description
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The patch is named b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Predictapp Project | Predictapp | < 2022-03-20 |
Related Weaknesses (CWE)
References
- https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f4188Patch
- https://github.com/abhilash1985/PredictApp/pull/73Patch
- https://vuldb.com/?ctiid.218387Permissions Required
- https://vuldb.com/?id.218387Permissions Required
- https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f4188Patch
- https://github.com/abhilash1985/PredictApp/pull/73Patch
- https://vuldb.com/?ctiid.218387Permissions Required
- https://vuldb.com/?id.218387Permissions Required
FAQ
What is CVE-2022-4890?
CVE-2022-4890 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb o...
How severe is CVE-2022-4890?
CVE-2022-4890 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4890?
Check the references section above for vendor advisories and patch information. Affected products include: Predictapp Project Predictapp.