exploitDog

GHSA-5xw2-57jx-pgjp

Published: 02 Dec 2025
Source: github
GitHub: reviewed
CVSS4: 8.8

Description

GrapesJsBuilder File Upload allows all file uploads

Summary

Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.

Impact

If the media folder is not prevented from executing uploaded files, this can lead to remote code execution.

Packages

Name                             Ecosystem  Affected versions    Fixed version
mautic/grapes-js-builder-bundle  composer   >= 4.0.0, < 4.4.18   4.4.18
mautic/grapes-js-builder-bundle  composer   >= 5.0.0, < 5.2.9    5.2.9
mautic/grapes-js-builder-bundle  composer   >= 6.0.0, < 6.0.7    6.0.7

EPSS

Score: 0.00344 (percentile: 57%), Low

CVSS4

8.8 High

Weaknesses

CWE-434

Related vulnerabilities

nvd
2 months ago