CVE-2022-1289 MEDIUM

CVE-2022-1289: tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service

Vendor Tildearrow
Product Furnace
Weakness CWE-404
Published April 10, 2022
Last update April 15, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.

Key dates

02Disclosure timeline

April 10, 2022 CVE published
April 15, 2025 Record updated