CVE-2022-29351

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here.

Ссылки

http://tiddlywiki5.com
Broken Link
Product
URL Repurposed
https://github.com/Jermolene/TiddlyWiki5
Third Party Advisory
https://github.com/jimcola99/corruptsvgfile
Third Party Advisory
https://www.youtube.com/watch?v=F_DBx4psWns
Exploit
Third Party Advisory
http://tiddlywiki5.com
Broken Link
Product
URL Repurposed
https://github.com/Jermolene/TiddlyWiki5
Third Party Advisory
https://github.com/jimcola99/corruptsvgfile
Third Party Advisory
https://www.youtube.com/watch?v=F_DBx4psWns
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tiddlywiki:tiddlywiki5:5.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01353

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-cr9c-rhq6-vh53