GHSA-3g6c-88pf-m46f

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Bolt Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.

Ссылки

Пакеты

Наименование

bolt/bolt

composer

Затронутые версииВерсия исправления

= 3.6.6

3.6.7

EPSS

Процентиль: 61%

0.00415

Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-10874

Дефекты

CWE-352

Связанные уязвимости

CVE-2019-10874

CVSS3: 8.8

nvd

почти 7 лет назад

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.

EPSS

Процентиль: 61%

0.00415

Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-10874

Дефекты

CWE-352