Strix
26.1K

CVE-2022-27897

HIGHCVSS 7.5/10EPSS 0.62%

Last modified

CVE-2022-27897 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.. EPSS estimates a 0.62% chance of exploitation in the next 30 days.

Description

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.62%

44.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
PalantirGotham< 3.22.11.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-27897?
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
How severe is CVE-2022-27897?
CVE-2022-27897 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2022-27897?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-27897?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST