{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T10:13:45.527","vulnerabilities":[{"cve":{"id":"CVE-2022-46151","sourceIdentifier":"security-advisories@github.com","published":"2022-12-06T01:15:09.813","lastModified":"2024-11-21T07:30:12.687","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy."},{"lang":"es","value":"Querybook es una interfaz de usuario de consulta de datos de código abierto. En las versiones afectadas, los datos proporcionados por el usuario no se escapan en el campo de error de la URL de devolución de llamada de autenticación en `querybook/server/app/auth/oauth_auth.py` y `querybook/server/app/auth/okta_auth.py`. Esto puede permitir a los atacantes realizar Cross-Site Scripting (XSS) Reflejado si la Política de seguridad de contenido (CSP) no está habilitada o si se permite \"inseguro en línea\". Se recomienda a los usuarios que actualicen a la última versión parcheada de querybook (versión 3.14.2 o superior). Los usuarios que no puedan actualizar pueden habilitar CSP y no permitir parámetros de consulta en línea inseguros o de escape manual en un proxy inverso."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pinterest:querybook:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.2","matchCriteriaId":"01CEA186-46D3-4EC5-AA59-D643B007274C"}]}]}],"references":[{"url":"https://github.com/pinterest/querybook/commit/88a7f10495bf5ed1a556ade51a2f2794e403c063","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pinterest/querybook/security/advisories/GHSA-mrrw-9wf7-xq6w","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/pinterest/querybook/commit/88a7f10495bf5ed1a556ade51a2f2794e403c063","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pinterest/querybook/security/advisories/GHSA-mrrw-9wf7-xq6w","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}