Описание
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Ссылки
- Patch
- Release Notes
- Patch
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.184 (исключая)
cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00108
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
EPSS
Процентиль: 29%
0.00108
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434