{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:16:08.863","vulnerabilities":[{"cve":{"id":"CVE-2022-31026","sourceIdentifier":"security-advisories@github.com","published":"2022-06-09T13:15:08.457","lastModified":"2024-11-21T07:03:44.403","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers."},{"lang":"es","value":"Trilogy es una biblioteca cliente para MySQL. Cuando es autenticado, un servidor malicioso podría devolver un paquete de autenticación especialmente diseñado, causando que el cliente lea y devuelva hasta 12 bytes de datos de una variable no inicializada en la memoria de la pila. Los usuarios de la gema trilogía deberían actualizar a versión 2.1.1. Este problema puede evitarse conectándose únicamente a servidores confiables"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trilogy_project:trilogy:*:*:*:*:*:ruby:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"9DBD25C5-280A-4303-8AEA-1389C45EB652"}]}]}],"references":[{"url":"https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}