Description
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.16 (excluding)
cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*
EPSS: 0.135 (Medium), percentile: 94%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
GitHub
more than 3 years ago
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.