exploitDog

CVE-2019-10765

Опубликовано: 20 нояб. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory.

Ссылки

https://github.com/ioBroker/ioBroker.admin/commit/16b2b325ab47896090bc7f54b77b0a97ed74f5cd
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IOBROKERADMIN-534634
Exploit
Third Party Advisory
https://github.com/ioBroker/ioBroker.admin/commit/16b2b325ab47896090bc7f54b77b0a97ed74f5cd
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IOBROKERADMIN-534634
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iobroker:iobroker.admin:*:*:*:*:*:node.js:*:*

Версия до 3.6.12 (исключая)

EPSS

Процентиль: 67%

0.00537

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-54xj-q58h-9x57

CVSS3: 9.8

github

больше 5 лет назад

Arbitrary File Write in iobroker.admin

EPSS

Процентиль: 67%

0.00537

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22