Description
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: Version up to 1.5.4 (inclusive)
cpe:2.3:a:fire.ly:spark:*:*:*:*:*:*:*:*
EPSS: 0.00358 (Low), percentile: 58%
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-706
Related vulnerabilities
GitHub
more than 3 years ago
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.