Lucene search

@huntrdevCVELIST:CVE-2022-0472

HistoryFeb 04, 2022 - 10:32 p.m.

CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom

2022-02-0422:32:06

CWE-434

@huntrdev

www.cve.org

jsdecena laracom packagist unrestricted upload file dangerous type cve-2022-0472 prior

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.4%

JSON

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.

CNA Affected

[
  {
    "product": "jsdecena/laracom",
    "vendor": "jsdecena",
    "versions": [
      {
        "lessThan": "v2.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/jsdecena/laracom/commit/256026193ce994dc4c1365e02f414d8a0cd77ae8

huntr.dev/bounties/cb5b8563-15cf-408c-9f79-4871ea0a8713

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2022-0472