Lucene search
MitreCVELIST:CVE-2024-25712HistoryFeb 11, 2024 - 12:00 a.m.
CVE-2024-25712
2024-02-1100:00:00
mitre
www.cve.org
http-swagger
vulnerability
xss
put requests
get requests
uploaded files
0.002 Low
EPSS
Percentile
53.2%
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
Related
osv
osv
http-swagger XSS via PUT requests
2024-02-29 03:33:18
CVE-2024-25712
2024-02-29 01:44:16
Denial of Service in http-swagger
2022-04-22 20:55:52
github
github
http-swagger XSS via PUT requests
2024-02-29 03:33:18
Denial of Service in http-swagger
2022-04-22 20:55:52
prion
prion
Code injection
2024-02-29 01:44:00
Design/Logic Flaw
2022-04-18 19:15:00
nvd
nvd
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
cve
cve
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
veracode
veracode
Denial Of Service (DoS)
2022-04-19 05:56:50
redhatcve
redhatcve
CVE-2022-24863
2022-04-19 07:56:53
cvelist
cvelist
CVE-2022-24863 Denial of service in http-swagger
2022-04-18 19:00:22