exploitDog

CVE-2024-54909

Опубликовано: 06 фев. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download.

Ссылки

https://github.com/goldpankit/eva-springboot2/issues/2

EPSS

Процентиль: 51%

0.00283

Низкий

8.1 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-9r56-r7r5-55vj

CVSS3: 5.3

github

около 1 года назад

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download.

EPSS

Процентиль: 51%

0.00283

Низкий

8.1 High

CVSS3

Дефекты

CWE-22