CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25906

All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.6%

CVSS Severity

CVSS v3 Score 7.4

References

https://github.com/stefanjudis/is-http2/blob/master/index.js%23L23
https://security.snyk.io/vuln/SNYK-JS-ISHTTP2-3153878
https://github.com/stefanjudis/is-http2/blob/master/index.js%23L23
https://security.snyk.io/vuln/SNYK-JS-ISHTTP2-3153878

Products affected by CVE-2022-25906

Is-Http2 Project » Is-Http2 » Version: N/A

cpe:2.3:a:is-http2_project:is-http2:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25906

Products

Pricing

Contact Us