Vulnerabilities > CVE-2022-42002 - Out-of-bounds Write vulnerability in Sonicjs

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sonicjs

CWE-787

critical

NVD

Published: 2022-10-01

Updated: 2022-10-04

Summary

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.

Vulnerable Configurations

Part	Description	Count
Application	Sonicjs Sonicjs Sonicjs *	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://snyk.io/blog/graphql-security-static-analysis-snyk-code/
https://github.com/lane711/sonicjs/tags