exploitDog

CVE-2022-44635

Опубликовано: 29 нояб. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Ссылки

http://www.openwall.com/lists/oss-security/2022/11/29/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/11/29/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*

Версия до 1.8.1 (исключая)

EPSS

Процентиль: 94%

0.12974

Средний

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-mh5c-7q6j-cwmg

CVSS3: 8.8

github

около 3 лет назад

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

EPSS

Процентиль: 94%

0.12974

Средний

8.8 High

CVSS3

Дефекты

CWE-22