CVE-2022-1176: Access of Resource Using Incompatible Type ('Type Confusion')

April 1, 2022 (updated April 5, 2022)

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

References

github.com/advisories/GHSA-5cmw-fhq9-8fhh
github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3
huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3
nvd.nist.gov/vuln/detail/CVE-2022-1176

Detect and mitigate CVE-2022-1176 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →