GHSA-9wf4-422v-6w3j

Опубликовано: 21 нояб. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An arbitrary file upload vulnerability in the importSettings method of VisiCut v2.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-51365
https://download.visicut.org
https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul
http://visicut.com

9.8 Critical

CVSS3

CVE ID

CVE-2024-51365

Дефекты

CWE-434

Связанные уязвимости

CVE-2024-51365

nvd

около 1 года назад

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

9.8 Critical

CVSS3

CVE ID

CVE-2024-51365

Дефекты

CWE-434