{ "schema_version": "1.4.0", "id": "GHSA-jqhq-pfg3-fg5p", "modified": "2022-09-16T17:18:14Z", "published": "2022-09-08T00:00:30Z", "aliases": [ "CVE-2022-35513" ], "summary": "Blink1Control2 uses weak password encryption", "details": "The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Version 2.2.9 fixes the issue.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "Blink1Control2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.2.9" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35513" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/issues/175" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/commit/74827462aba3a26d7bf157522f69eec999d7ba85" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/commit/cd9229ef9131bc663f714150c9f8d5cbf818d620" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/commit/efe174823f67bbdcee8863e02df67a130f132075" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/commit/f595d782d2356878188fed423a7dcb84ee8fee9d" }, { "type": "WEB", "url": "https://github.com/p1ckzi/CVE-2022-35513" }, { "type": "PACKAGE", "url": "https://github.com/todbot/Blink1Control2" }, { "type": "WEB", "url": "https://github.com/todbot/Blink1Control2/releases" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/168428/Blink1Control2-2.2.7-Weak-Password-Encryption.html" } ], "database_specific": { "cwe_ids": [ "CWE-326" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-09-16T17:18:14Z", "nvd_published_at": "2022-09-07T14:15:00Z" } }