exploitDog

CVE-2022-34613

Опубликовано: 02 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.

Ссылки

https://cwe.mitre.org/data/definitions/79.html
Third Party Advisory
https://docs.mealie.io/changelog/v0.5.6/
Release Notes
Vendor Advisory
https://gainsec.com/2022/08/02/cve-2022-34613-cve-2022-34618-cve-2022-34619-xss-file-upload-and-more/
Exploit
Third Party Advisory
https://hub.docker.com/r/hkotel/mealie
Third Party Advisory
https://cwe.mitre.org/data/definitions/79.html
Third Party Advisory
https://docs.mealie.io/changelog/v0.5.6/
Release Notes
Vendor Advisory
https://gainsec.com/2022/08/02/cve-2022-34613-cve-2022-34618-cve-2022-34619-xss-file-upload-and-more/
Exploit
Third Party Advisory
https://hub.docker.com/r/hkotel/mealie
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mealie_project:mealie:1.0.0:beta3:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01769

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-fjx6-p67m-7wmx

CVSS3: 9.8

github

больше 3 лет назад

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.

EPSS

Процентиль: 82%

0.01769

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434