Raneto Denial of Service via crafted payload injected into `Search` parameter
- Severity:
- High
Description
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.
Recommendation
Update the raneto package to the latest compatible version. Followings are version details:
- Affected version(s): <= 0.17.0
- Patched version(s): 0.17.1
References
- GHSA-xxc2-j7jj-6g5m
- cwe.mitre.org
- gainsec.com
- raneto.com
- CVE-2022-35142
- CWE-287
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A7
Related Issues
- tiny-secp256k1 allows for verify() bypass when running in bundled environment - CVE-2024-49365
- Astro's server source code is exposed to the public if sourcemaps are enabled - CVE-2024-56159
- google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
- Raneto vulnerable to Cross-site Scripting - CVE-2022-35144
- Tags:
- npm
- raneto
Anything's wrong? Let us know Last updated on January 31, 2023