Vulnerabilities > CVE-2022-1561

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

luraproject

krakend

NVD

Published: 2022-08-01

Updated: 2024-11-21

Summary

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable.

Vulnerable Configurations

Part	Description	Count
Application	Luraproject Luraproject Lura - Luraproject Lura 0.1 Luraproject Lura 0.2 Luraproject Lura 0.3 Luraproject Lura 0.4 Luraproject Lura 0.4.1 Luraproject Lura 0.4.2 Luraproject Lura 0.5 Luraproject Lura 0.6.0 Luraproject Lura 0.6.1 Luraproject Lura 0.7.0 Luraproject Lura 0.8.0 Luraproject Lura 0.9.0 Luraproject Lura 1.0.0 Luraproject Lura 1.1.0 Luraproject Lura 1.1.1 Luraproject Lura 1.2.0 Luraproject Lura 1.3.0 Luraproject Lura 1.4.0 Luraproject Lura 1.4.1 Luraproject Lura 2.0.0 Luraproject Lura 2.0.1	22
Application	Krakend Krakend Krakend - Krakend Krakend 2.0.2	3

Vulnerabilities > CVE-2022-1561 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-1561"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-1561