CVE-2022-23773
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-23773
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
cmd/go 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google Go Cmd/go是美国谷歌(Google)公司的一个为Go语言提供命令支持的代码库。 cmd/go存在安全漏洞,该漏洞源于cmd进入1.16.14和1.17之前的go。X在1.17.7之前可能会错误地将分支名称理解为版本标记。如果参与者应该能够创建分支而不是标记,那么这可能会导致不正确的访问控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2022-23773
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | PoC repro of CVE-2022-23773 in Go | https://github.com/danbudris/CVE-2022-23773-repro | POC Details |
| 2 | None | https://github.com/danbudris/CVE-2022-23773-repro-target | POC Details |
| 3 | None | https://github.com/YouShengLiu/CVE-2022-23773-Reproduce | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-23773
请登录查看更多情报信息。
- https://security.netapp.com/advisory/ntap-20220225-0006/x_refsource_CONFIRM
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-23773
Same Patch Batch · n/a · 2022-02-11 · 68 CVEs total
| CVE-2021-23555 | 9.8 CRITICAL | Sandbox Bypass |
| CVE-2021-23597 | 7.5 HIGH | Denial of Service (DoS) |
| CVE-2021-22787 | Schneider Electric Modicon M340 输入验证错误漏洞 | |
| CVE-2021-45387 | AppNeta tcpreplay 安全漏洞 | |
| CVE-2021-45386 | Appneta Tcpreplay 安全漏洞 | |
| CVE-2021-42940 | Projeqtor 安全漏洞 | |
| CVE-2021-44111 | S-cart 路径遍历漏洞 | |
| CVE-2021-31932 | Nokia BTS TRS web console 安全漏洞 | |
| CVE-2021-22748 | Schneider Electric C-Bus Toolkit 路径遍历漏洞 | |
| CVE-2021-22796 | Schneider Electric 多款产品授权问题漏洞 | |
| CVE-2021-22785 | Schneider Electric 多款产品信息泄露漏洞 | |
| CVE-2021-45385 | ffjpeg 代码问题漏洞 | |
| CVE-2021-22798 | Schneider Electric Conext™ComBox 安全漏洞 | |
| CVE-2021-22788 | Schneider Electric 多款产品缓冲区错误漏洞 | |
| CVE-2021-22806 | Schneider Electric 多款产品安全漏洞 | |
| CVE-2021-22801 | Schneider Electric ConneXium Network Manager Software 安全漏洞 | |
| CVE-2021-22803 | Schneider Electric IGSS 代码问题漏洞 | |
| CVE-2021-22802 | Schneider Electric IGSS 安全漏洞 | |
| CVE-2021-22804 | Schneider Electric IGSS 路径遍历漏洞 | |
| CVE-2021-22805 | Schneider Electric IGSS 访问控制错误漏洞 |
Showing top 20 of 68 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2022-23773
No comments yet