Описание
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
EPSS
Процентиль: 76%
0.00962
Низкий
Дефекты
CWE-78
Связанные уязвимости
github
4 месяца назад
Kottster app reinitialization can be re-triggered allowing command injection in development mode
EPSS
Процентиль: 76%
0.00962
Низкий
Дефекты
CWE-78