CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.6%

CVSS Severity

CVSS v3 Score 9.1

References

https://github.com/lane711/sonicjs/tags
https://snyk.io/blog/graphql-security-static-analysis-snyk-code/
https://github.com/lane711/sonicjs/tags
https://snyk.io/blog/graphql-security-static-analysis-snyk-code/

Products affected by CVE-2022-42002

Sonicjs » Sonicjs » Version: Any

cpe:2.3:a:sonicjs:sonicjs:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42002

Products

Pricing

Contact Us