CVE-2022-3600
published 2022-11-21CVE-2022-3600: The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
PriorityP342critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.22%
64.8th percentile
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awesomemotive | easy_digital_downloads | < 3.1.0.2 | 3.1.0.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w3w2-8hq7-8fmw: The Easy Digital Downloads WordPress plugin before 3
ghsa_unreviewed·2022-11-21
CVE-2022-3600 [CRITICAL] CWE-1236 GHSA-w3w2-8hq7-8fmw: The Easy Digital Downloads WordPress plugin before 3
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
Red Hat
kernel: net: sched: fix memory leak in tcindex_set_parms
vendor_redhat·2025-09-18·CVSS 5.5
CVE-2022-50396 [MEDIUM] CWE-401 kernel: net: sched: fix memory leak in tcindex_set_parms
kernel: net: sched: fix memory leak in tcindex_set_parms
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix memory leak in tcindex_set_parms
Syzkaller reports a memory leak as follows:
BUG: memory leak
unreferenced object 0xffff88810c287f00 (size 256):
comm "syz-executor105", pid 3600, jiffies 4294943292 (age 12.990s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046
[] kmalloc include/linux/slab.h:576 [inline]
[] kmalloc_array include/linux/slab.h:627 [inline]
[] kcalloc include/linux/slab.h:659 [inline]
[] tcf_exts_init include/net/pkt_cls.h:250 [inline]
[] tcindex_set_parms+0xa7/0xbe0 net/
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M2
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M2
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M2
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M2"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|li|20|class|3d 22|print|2d|only|22 3e|Printed|20|by|20|Atlassian|20|Confluence|20|6.1"; fast_pattern; pcre:"/^[345]\./R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-appl
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M2
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M2
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M2
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M2"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|li|20|class|3d 22|print|2d|only|22 3e|Printed|20|by|20|Atlassian|20|Confluence|20|7|2e|"; fast_pattern; pcre:"/^(?:1(?:3\.(?:[023456789]|1[01234567]?)|[01245678]?\.|9\.\d)|(?:[03456789]|20?)\.)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-12961710
Suricata
ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M2
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M2
ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M2
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M2"; flow:established,to_client; http.response_body; content:"data|2d|name|3d 22|jira|22 20|data|2d|version|3d 22|9|2e|"; fast_pattern; pcre:"/^(?:4\.(?:[023456789]|1[012]?)|1(?:1\.[01]|0\.)|[56789]\.)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-application-activity; sid:2049646; rev:1; metadata:affected_product Atlassian, attack_target Web
Suricata
ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 7.17.x - 7.21.15
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 7.17.x - 7.21.15
ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 7.17.x - 7.21.15
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 7.17.x - 7.21.15"; flow:established,to_client; http.response_body; content:"Atlassian|20|Bitbucket|20 3c|span|20|"; fast_pattern; content:"data|2d|system|2d|build|2d|number|3d 22|"; within:250; content:"|22 3e 20|v7|2e|"; within:50; pcre:"/^(?:2(?:1\.(?:[023456789]|1[012345]?)|0\.)|1[789]\.)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-applica
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M2
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M2
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M2
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M2"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|li|20|class|3d 22|print|2d|only|22 3e|Printed|20|by|20|Atlassian|20|Confluence|20|8|2e|"; fast_pattern; pcre:"/^(?:[012]\.|3\.0)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-appli
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M1
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M1
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M1
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M1"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|meta|20|name|3d 22|ajs|2d|version|2d|number|22 20|content|3d 22|6.1"; fast_pattern; pcre:"/^[345]\./R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-application-activity;
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M1
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M1
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M1
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M1"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|meta|20|name|3d 22|ajs|2d|version|2d|number|22 20|content|3d 22|8|2e|"; fast_pattern; pcre:"/^(?:[012]\.|3\.0)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-application-activity; s
Suricata
ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M1
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M1
ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M1
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M1"; flow:established,to_client; http.response_body; content:"|3c|meta|20|name|3d 22|ajs|2d|version|2d|number|22 20|content|3d 22|9|2e|"; fast_pattern; pcre:"/^(?:4\.(?:[023456789]|1[012]?)|1(?:1\.[01]|0\.)|[56789]\.)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:web-application-activity; sid:2049645; rev:1; metadata:affected_product Atlassian, a
Suricata
ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.12.0
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.12.0
ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.12.0
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.12.0"; flow:established,to_client; http.response_body; content:"Atlassian|20|Bitbucket|20 3c|span|20|"; fast_pattern; content:"data|2d|system|2d|build|2d|number|3d 22|"; within:250; content:"|22 3e 20|v8|2e|"; within:50; pcre:"/^(?:1(?:0\.[0123]|1\.[012]|2\.0|\.)|8\.[0123456]|[0234567]\.|9\.[0123])/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference:cve,2022-1471; classtype:
Suricata
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M1
suricata·2023-12-12·CVSS 8.3
CVE-2022-1471 [HIGH] ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M1
ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M1
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M1"; flow:established,to_client; http.header_names; to_lowercase; content:"|0d 0a|x-confluence-request-time|0d 0a|"; nocase; http.response_body; content:"|3c|meta|20|name|3d 22|ajs|2d|version|2d|number|22 20|content|3d 22|7|2e|"; fast_pattern; pcre:"/^(?:1(?:3\.(?:[023456789]|1[01234567]?)|[01245678]?\.|9\.\d)|(?:[03456789]|20?)\.)/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html; reference
No public exploits indexed.
No writeups or analysis indexed.
2022-11-21
Published