Vulnerabilities > CVE-2022-23553 - Unspecified vulnerability in Alpine Project Alpine

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

alpine-project

NVD

Published: 2022-12-28

Updated: 2023-07-11

Summary

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Alpine_Project Alpine Project Alpine *	1

References

https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121
https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/