exploitDog

CVE-2020-21522

Опубликовано: 30 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.

Ссылки

https://github.com/halo-dev/halo/issues/418
Exploit
Issue Tracking
Third Party Advisory
https://github.com/halo-dev/halo/issues/418
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:halo:halo:1.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00587

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gj86-cwgp-gj94

github

больше 3 лет назад

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.

EPSS

Процентиль: 69%

0.00587

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22