CVE-2022-25299

High

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may…

snyk·CWE-552·Published 2022-02-18

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

228 chars

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

NVDen

228 chars

NVDes

277 chars

Esto afecta al paquete cesanta/mongoose versiones anteriores a 7.6. Un manejo no seguro de los nombres de archivo durante la carga usando el método mg_http_upload() puede permitir a atacantes escribir archivos en ubicaciones arbitrarias fuera de la carpeta de destino designada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H