Описание
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Ссылки
- Patch
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 2.3 (включая)
cpe:2.3:a:webwork:program_generation_language:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00445
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
EPSS
Процентиль: 63%
0.00445
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other