CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 High
Confidence: High

EPSS: 0.01 Low
Percentile: 83.5%

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | node-formidable | < 3.2.4+20220519git81dd350+~cs4.0.9-1 | node-formidable_3.2.4+20220519git81dd350+~cs4.0.9-1_all.deb |
Debian | 11 | all | node-formidable | <= 1.2.1+20200129git8231ea6-1 | node-formidable_1.2.1+20200129git8231ea6-1_all.deb |
Debian | 999 | all | node-formidable | < 3.2.4+20220519git81dd350+~cs4.0.9-1 | node-formidable_3.2.4+20220519git81dd350+~cs4.0.9-1_all.deb |
Debian | 13 | all | node-formidable | < 3.2.4+20220519git81dd350+~cs4.0.9-1 | node-formidable_3.2.4+20220519git81dd350+~cs4.0.9-1_all.deb |