exploitDog

GHSA-5x8p-x36c-4gwr

Опубликовано: 04 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

Ссылки

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-611

CWE-776

Связанные уязвимости

CVE-2022-42745

CVSS3: 7.5

nvd

больше 3 лет назад

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-611

CWE-776