Lucene search
HistoryFeb 29, 2024 - 1:44 a.m.
CVE-2024-25712
cve-2024-25712
http-swagger
xss
put requests
nvd
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
Related
osv
osv
http-swagger XSS via PUT requests
2024-02-29 03:33:18
CVE-2024-25712
2024-02-29 01:44:16
Unprotected file upload in github.com/swaggo/http-swagger
2024-02-29 15:38:09
cvelist
cvelist
CVE-2024-25712
2024-02-11 00:00:00
CVE-2022-24863 Denial of service in http-swagger
2022-04-18 19:00:22
github
github
http-swagger XSS via PUT requests
2024-02-29 03:33:18
Denial of Service in http-swagger
2022-04-22 20:55:52
prion
prion
Code injection
2024-02-29 01:44:00
Design/Logic Flaw
2022-04-18 19:15:00
nvd
nvd
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
veracode
veracode
Denial Of Service (DoS)
2022-04-19 05:56:50
redhatcve
redhatcve
CVE-2022-24863
2022-04-19 07:56:53
cve
cve
CVE-2022-24863
2022-04-18 19:15:09