Описание
Withdrawn: Code execution via SVG file upload in tiddlywiki
Withdrawn Advisory
This advisory has been withdrawn because it has been found to not be valid. Please see the issue here for more information.
Original Description
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file.
Пакеты
Наименование
tiddlywiki
npm
Затронутые версииВерсия исправления
<= 5.2.2
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here.