VDB

CVE-2023-50728

CVE-2023-50728 PUBLISHED CVSS 5.400000095367432 MEDIUM

octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3.

EPSS 0.48% · 65.3th percentile

Risk Scores

CVSS v3.1
5.400000095367432
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS Score
0.48%
65.3th percentile

Affected Products

VendorProductVersions
npmoctokit0, 0
octokitapp14.0.1, 14.0.1, 14.0.1
octokitapp14.0.1, 14.0.1
octokitwebhooks11.0.0, 10.0.0, 0
octokitwebhooks11.0.0, 0, 12.0.0
npmprobot0, 0
octokitoctokit0, 0
octokitwebhooks.js>= 12.0.0, < 12.0.4, >= 10.9.0, < 10.9.2, >= 11.1.0, < 11.1.2
probotprobot0, 0

Timeline

  • Jan 21, 1970 Security Advisory
  • Dec 15, 2023 CVE Published
  • Dec 16, 2023 EPSS Score
  • Jan 4, 2024 PoC Published
  • Jan 11, 2024 PoC Published
  • Jan 14, 2024 EPSS Score
  • Feb 12, 2024 EPSS Score
  • Apr 10, 2024 EPSS Score
  • May 10, 2024 EPSS Score
  • Jun 8, 2024 EPSS Score
  • Jul 7, 2024 EPSS Score
  • Aug 5, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›