CVE-2022-3607

MEDIUM
Published Oct 19, 2022 3y ago · Modified Jun 17, 2026 1w ago
6.0 CVSS 3.1

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.

CVSS Details

Base Score: 6.0
Exploitability: 1.5
Impact: 4.0
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-74
CWE-75

Affected Products 1

Vendor     Product    Version  Range
octoprint  octoprint  *        <1.8.3

References 2

  • github.com https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
    Patch, Third Party Advisory
  • huntr.dev https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
    Patch, Third Party Advisory