How severe is CVE-2022-29254?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-29254?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2022-29254

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.

CVE-2019-5892

MEDIUM

CVSS:6.5(Medium)

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for...

CWE-4362019

CVE-2022-0011

MEDIUM

CVSS:6.5(Medium)

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL categ...

CWE-4362022

CVE-2023-29406

MEDIUM

CVSS:6.5(Medium)

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...

CWE-4362023

CVE-2023-30536

MEDIUM

CVSS:6.5(Medium)

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that...

CWE-4362023

CVE-2024-24753

MEDIUM

CVSS:6.5(Medium)

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two head...

CWE-4362024

CVE-2023-39481

MEDIUM

CVSS:6.6(Medium)

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing...

CWE-4362023

CVE-2022-29254

Vulnerability Description

Related Vulnerabilities

CVE-2019-5892

CVE-2022-0011

CVE-2023-29406

CVE-2023-30536

CVE-2024-24753

CVE-2023-39481