{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T16:28:23.792","vulnerabilities":[{"cve":{"id":"CVE-2022-31140","sourceIdentifier":"security-advisories@github.com","published":"2022-07-11T20:15:08.747","lastModified":"2026-06-17T04:44:53.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability."},{"lang":"es","value":"Valinor es una biblioteca de PHP que ayuda a mapear cualquier entrada en una estructura de objetos de valor fuertemente tipados. En versiones anteriores a 0.12.0, Valinor puede usar \"Throwable#getMessage()\" cuando no debería tener permiso para hacerlo. Esto es un problema en casos como una excepción SQL que muestra un fragmento de SQL, una excepción de conexión a la base de datos que muestra la dirección IP/nombre de usuario/contraseña de la base de datos, o un detalle de tiempo de espera / detalle de memoria agotada. Los atacantes podrían usar esta información para una potencial exfiltración de datos, ataques de denegación de servicio, ataques de enumeración, etc. La versión 0.12.0 contiene un parche para esta vulnerabilidad"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CuyZ","product":"Valinor","versions":[{"version":"< 0.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-22T15:40:23.748293Z","id":"CVE-2022-31140","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cuyz:valinor:*:*:*:*:*:*:*:*","versionEndExcluding":"0.12.0","matchCriteriaId":"336B8945-62B0-4D76-A833-33F74C1DD0AF"}]}]}],"references":[{"url":"https://github.com/CuyZ/Valinor/releases/tag/0.12.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/CuyZ/Valinor/security/advisories/GHSA-5pgm-3j3g-2rc7","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/CuyZ/Valinor/releases/tag/0.12.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/CuyZ/Valinor/security/advisories/GHSA-5pgm-3j3g-2rc7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}