exploitDog

GHSA-4gxx-54gw-qwch

Опубликовано: 09 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.4

CVSS3: 9.8

Описание

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Ссылки

EPSS

Процентиль: 75%

0.00858

Низкий

9.4 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2025-3115

CVSS3: 9.8

nvd

10 месяцев назад

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

EPSS

Процентиль: 75%

0.00858

Низкий

9.4 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-94