Description
Vulnerable Library - pyRdfa3-3.5.3-py3-none-any.whl
pyRdfa Library
Library home page: https://files.pythonhosted.org/packages/01/40/8727792baf872086867db42eedf399734b9dd2800202c9a2727dc075301b/pyRdfa3-3.5.3-py3-none-any.whl
Found in HEAD commit: 653435dffecc04a7e4fcc7cbf73f04258b4cc039
Vulnerabilities
| CVE | Severity | Dependency | Type | Fixed in (pyRdfa3 version) | Remediation Possible** |
|---|---|---|---|---|---|
| CVE-2022-4396 | 5.4 | pyRdfa3-3.5.3-py3-none-any.whl | Direct | N/A | ❌ |
**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
CVE-2022-4396
Vulnerable Library - pyRdfa3-3.5.3-py3-none-any.whl
pyRdfa Library
Library home page: https://files.pythonhosted.org/packages/01/40/8727792baf872086867db42eedf399734b9dd2800202c9a2727dc075301b/pyRdfa3-3.5.3-py3-none-any.whl
Dependency Hierarchy:
- ❌ pyRdfa3-3.5.3-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 653435dffecc04a7e4fcc7cbf73f04258b4cc039
Found in base branch: main
Vulnerability Details
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Publish Date: 2022-12-10
URL: CVE-2022-4396
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None