CVE-2022-38900
Aliases:GHSA-w573-4hg7-7wgq
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 28 Nov 2022, 00:00
Last modified:25 Apr 2025, 19:50
Vulnerability Summary
Overall Risk (default)
medium
40/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.43% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
28 Nov 2022, 00:00
Published
Vulnerability first disclosed
25 Apr 2025, 19:50
Last Modified
Vulnerability information updated
Description
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.43%• Percentile: 63%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- decode-uri-component_project•decode-uri-component
0.2.0
- Npm•decode-uri-component
< 0.2.1
- wordpress•autoshare-for-twitter
≤ 1.2.1
References (17)
- https://github.com/SamVerschueren/decode-uri-component/issues/5
- https://github.com/sindresorhus/query-string/issues/345
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/
- https://nvd.nist.gov/vuln/detail/CVE-2022-38900
- https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9
- https://github.com/SamVerschueren/decode-uri-component
- https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e3147a94-056a-4454-8815-44c0b9d1de81