Vulnerabilities > CVE-2019-12822 - Expression Language Injection vulnerability in Embedthis Goahead

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

embedthis

CWE-917

NVD

Published: 2019-06-14

Updated: 2021-07-21

Summary

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.

Vulnerable Configurations

Part	Description	Count
Application	Embedthis Embedthis Goahead - Embedthis Goahead 2.1.5 Embedthis Goahead 2.1.8 Embedthis Goahead 2.5.0 Embedthis Goahead 3.0.0 Embedthis Goahead 3.1.0 Embedthis Goahead 3.1.1 Embedthis Goahead 3.1.2 Embedthis Goahead 3.1.3 Embedthis Goahead 3.3.0 Embedthis Goahead 3.3.1 Embedthis Goahead 3.3.2 Embedthis Goahead 3.3.3 Embedthis Goahead 3.3.4 Embedthis Goahead 3.3.5 Embedthis Goahead 3.3.6 Embedthis Goahead 3.4.0 Embedthis Goahead 3.4.1 Embedthis Goahead 3.4.2 Embedthis Goahead 3.4.3 Embedthis Goahead 3.4.4 Embedthis Goahead 3.4.5 Embedthis Goahead 3.4.6 Embedthis Goahead 3.4.7 Embedthis Goahead 3.4.8 Embedthis Goahead 3.4.9 Embedthis Goahead 3.4.10 Embedthis Goahead 3.4.11 Embedthis Goahead 3.4.12 Embedthis Goahead 3.5.0 Embedthis Goahead 3.6.0 Embedthis Goahead 3.6.1 Embedthis Goahead 3.6.2 Embedthis Goahead 3.6.3 Embedthis Goahead 3.6.4 Embedthis Goahead 3.6.5 Embedthis Goahead 4.0.0 Embedthis Goahead 4.0.1 Embedthis Goahead 4.0.2 Embedthis Goahead 4.1.0 Embedthis Goahead 5.0.0	41

Common Weakness Enumeration (CWE)

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References