CVE-2025-46653

Published: 26 Apr 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 3.1

Description

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

| Release | Status | Note |
| --- | --- | --- |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | needs-triage | |

EPSS: 0.00011 (Low), percentile: 1%

CVSS3: 3.1 Low

Related vulnerabilities

CVSS3: 3.1
redhat
about 2 months ago

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

CVSS3: 3.1
nvd
about 2 months ago

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

CVSS3: 3.1
debian
about 2 months ago

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies ...

CVSS3: 3.1
github
about 2 months ago

Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
