Описание
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:quivr:quivr:0.0.254:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00145
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-23
Связанные уязвимости
CVSS3: 4.3
github
11 месяцев назад
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.
EPSS
Процентиль: 35%
0.00145
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-23