Description
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
References
- Third Party Advisory, VDB Entry
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 3.3.5 (inclusive)
cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*
EPSS
Percentile: 59%
Score: 0.0038 (Low)
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-732
Related vulnerabilities
CVSS3: 5.3
msrc
4 months ago
Bolt before 3.3.6 does not properly restrict access to _profiler routes