Lucene search

GoogleOSV:CVE-2023-27164

HistoryMar 10, 2023 - 4:15 p.m.

CVE-2023-27164

2023-03-1016:15:11

Google

osv.dev

arbitrary file upload

halo software

arbitrary code execution

crafted file

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

CPENameOperatorVersion
haloeq0.0.4
haloeq1.5.0-beta.1
haloeq1.6.1
haloeq1.5.0-alpha.1
haloeq0.1
haloeq1.0.0-beta.7
haloeq1.4.3
haloeq1.4.1
haloeq1.4.3-beta.2
haloeq1.0.0

Name	Operator	Version
halo	eq	0.0.4
halo	eq	1.5.0-beta.1
halo	eq	1.6.1
halo	eq	1.5.0-alpha.1
halo	eq	0.1
halo	eq	1.0.0-beta.7
halo	eq	1.4.3
halo	eq	1.4.1
halo	eq	1.4.3-beta.2
halo	eq	1.0.0

Rows per page:

1-10 of 811

References

halo.com

gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867

github.com/halo-dev/halo

notes.sjtu.edu.cn/s/s5oEvs-p5