Описание
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
5 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
This affects the package cesanta/mongoose before 7.6. The unsafe handl ...
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
5 Medium
CVSS2
9.8 Critical
CVSS3