CVE-2022-3959— drogon Session Hash small space of random values
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-3959
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
drogon Session Hash small space of random values
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
Drogon 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Drogon是开源的一个基于 C++14/17 的 HTTP 应用程序框架。Drogon 可用于使用 C++ 轻松构建各种类型的 Web 应用程序服务器程序。 Drogon 1.8.1及之前版本存在安全漏洞,该漏洞源于了Session Hash组件的未知功能,攻击者利用该漏洞可以导致随机值的小空间。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| unspecified | drogon | 1.8.0 | - |
II. Public POCs for CVE-2022-3959
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-3959
请登录查看更多情报信息。
Same Patch Batch · unspecified · 2022-11-11 · 3 CVEs total
| CVE-2022-3941 | 5.3 MEDIUM | Activity Log Plugin HTTP Header neutralization for logs |
| CVE-2022-3957 | 4.3 MEDIUM | GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak |
IV. Related Vulnerabilities
Same weakness: CWE-330
- CVE-2026-42155
Magento LTS: Weak API Session ID — Predictable MD5 of Time-D - CVE-2026-7847
chatchat-space Langchain-Chatchat Uploaded File openai_route - CVE-2026-40975
VMware Spring Boot 安全特征问题漏洞 - CVE-2026-40496
FreeScout has Predictable Attachment Token that Allows Unaut - CVE-2026-40306
DNN has same HostGUID for all new installs
V. Comments for CVE-2022-3959
No comments yet