Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-39172: Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new line characters in new configuration values. As a workaround, only allow trusted source IP addresses to access the administration dashboard. | CVSS3: 8.8 | 57% (Medium) | more than 4 years ago |
| CVE-2021-39172: Cachet is an open source status page system. Prior to version 2.5.1, a ... | CVSS3: 8.8 | 57% (Medium) | more than 4 years ago |
| GHSA-9jxw-cfrh-jxq6: Cachet vulnerable to new line injection during configuration edition | CVSS3: 8.8 | 57% (Medium) | more than 4 years ago |