GHSA-q7hx-mrv5-6mrp

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

HashBrown CMS Directory Traversal

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-5840
https://github.com/HashBrownCMS/hashbrown-cms/commit/6b37b73944447bb29c6aaeb086b04196d80c692a
https://github.com/HashBrownCMS/hashbrown-cms/compare/v1.3.1...v1.3.2
https://github.com/HashBrownCMS/hashbrown-cms/releases/tag/v1.3.2

Пакеты

Наименование

hashbrown-cms

npm

Затронутые версииВерсия исправления

< 1.3.2

1.3.2

EPSS

Процентиль: 64%

0.00469

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-5840

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-5840

CVSS3: 7.5

nvd

около 6 лет назад

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

EPSS

Процентиль: 64%

0.00469

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-5840

Дефекты

CWE-22