exploitDog

GHSA-6jx7-223w-6cf7

Опубликовано: 25 фев. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.

Ссылки

EPSS

Процентиль: 34%

0.00132

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2023-24189

CVSS3: 9.8

nvd

почти 3 года назад

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.

EPSS

Процентиль: 34%

0.00132

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-611