CVE-2023-50728

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-755
View all →

Vulnerability Description

octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3.

Related Vulnerabilities

CVE-2011-4625

HIGH
CVSS:7.5(High)

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

CWE-7552011

CVE-2012-1109

HIGH
CVSS:7.5(High)

mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions

CWE-7552012

CVE-2015-2688

HIGH
CVSS:7.5(High)

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of serv...

CWE-7552015

CVE-2016-11026

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Sa...

CWE-7552016

CVE-2017-13199

HIGH
CVSS:7.5(High)

In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system proces...

CWE-7552017

CVE-2017-14178

HIGH
CVSS:7.5(High)

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's acces...

CWE-7552017