Lucene search

GitHub Advisory DatabaseGHSA-XP82-JMW8-MJXP

HistoryMar 23, 2022 - 12:00 a.m.

Unrestricted Upload of File with Dangerous Type in ShowDoc

2022-03-2300:00:23

CWE-434

GitHub Advisory Database

github.com

unrestricted upload

file

vulnerability

showdoc

version 2.10.4

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.1%

JSON

There is a Unrestricted Upload of File vulnerability in ShowDoc prior to version 2.10.4.

Affected configurations

Vulners

Node

showdocshowdocRange<2.10.4

VendorProductVersionCPE
showdocshowdoc*cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
showdoc	showdoc	*	cpe:2.3:a:showdoc:showdoc::::::::

References

github.com/advisories/GHSA-xp82-jmw8-mjxp

github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b

huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7

nvd.nist.gov/vuln/detail/CVE-2022-1034

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.1%

JSON

Related for GHSA-XP82-JMW8-MJXP