exploitDog

GHSA-q63c-hwh7-h8pw

Опубликовано: 17 янв. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.

Ссылки

EPSS

Процентиль: 51%

0.00283

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-2893

CVSS3: 8.2

nvd

около 3 лет назад

RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.

EPSS

Процентиль: 51%

0.00283

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22