Cyber Resilience

CVE-2022-4891

Low · Public PoC

Published: 17 January 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 3.5 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0032 (55.6th percentile)
Risk Priority: 7 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4891 is a low-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Libsisimai Sisimai. Its CVSS base score is 3.5 (Low).

Operationally, it ranks in the top 44.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

libsisimai
sisimai
4.25.14 · ≤ 4.25.14

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
