{ "schema_version": "1.4.0", "id": "GHSA-894q-wpg5-mf2h", "modified": "2024-04-08T17:20:47Z", "published": "2022-12-10T12:30:18Z", "aliases": [ "CVE-2022-4396" ], "summary": "pyRdfa3 Cross-site Scripting vulnerability", "details": "A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function `_get_option` of the file `pyRdfa/__init__.py`. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "affected": [ { "package": { "ecosystem": "PyPI", "name": "pyRdfa3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.6.2" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 3.5.3" } } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4396" }, { "type": "WEB", "url": "https://github.com/RDFLib/pyrdfa3/issues/38" }, { "type": "WEB", "url": "https://github.com/RDFLib/pyrdfa3/pull/40" }, { "type": "WEB", "url": "https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e" }, { "type": "PACKAGE", "url": "https://github.com/RDFLib/pyrdfa3" }, { "type": "WEB", "url": "https://vuldb.com/?id.215249" } ], "database_specific": { "cwe_ids": [ "CWE-707", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-13T19:32:22Z", "nvd_published_at": "2022-12-10T12:15:00Z" } }