CVE-2022-23553Incorrect Authorization in Alpine

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Stevespringett AlpineAlpine Project Alpine
Timeline
PublishedDec 28
Latest updateAug 5

Description

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5stevespringett/alpine< 1.10.4
NVDalpine_project/alpine< 1.10.4

🔴Vulnerability Details

2
GHSA
Alpine allows URL access filter bypass2024-08-05
OSV
Alpine allows URL access filter bypass2024-08-05