CVE-2022-39824

HIGH8.9EPSS 0.70%

Published: 3/6/2024Modified: 4/3/2025

Also known as:BIT-appsmith-2022-39824

Description

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.

Affected packages (1)

Bitnami/appsmithfrom 0, < 1.7.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

References (3)

WEBhttps://github.com/appsmithorg/appsmith/releases
WEBhttps://github.com/FCncdn/Appsmith-Js-Injection-POC
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-39824