cvebase

Benbusby Whoogle-Search vulnerabilities

4 known vulnerabilities affecting benbusby/whoogle-search.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 2

Vulnerabilities

CVE-2024-22205 | P2 | CRITICAL | CVSS 9.8 | fixed in 0.8.4 | 2024-01-23
CWE-918: Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET re
Source: nvd
CVE-2024-22203 | P3 | CRITICAL | CVSS 9.8 | fixed in 0.8.4 | 2024-01-23
CWE-918: Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue
Source: nvd
CVE-2024-22204 | P4 | MEDIUM | CVSS 5.3 | fixed in 0.8.4 | 2024-01-23
CWE-22: Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely
Source: nvd
CVE-2024-22417 | P4 | MEDIUM | CVSS 6.1 | fixed in 0.8.4 | 2024-01-23
CWE-79: Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and
Source: nvd