CVE-2023-29635

Опубликовано: 01 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.

Ссылки

https://github.com/Antabot/White-Jotter/blob/c1c5d66fda090b986b8f46a7132d403e3b038c5d/wj/src/main/java/com/gm/wj/controller/LibraryController.java#L63
Patch
https://github.com/Antabot/White-Jotter/issues/157
Vendor Advisory
https://github.com/Antabot/White-Jotter/blob/c1c5d66fda090b986b8f46a7132d403e3b038c5d/wj/src/main/java/com/gm/wj/controller/LibraryController.java#L63
Patch
https://github.com/Antabot/White-Jotter/issues/157
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:antabot_white-jotter_project:antabot_white-jotter:0.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00717

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-mg6w-2hgg-4v3g