Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-2Q6V-32MR-8P8X
HistoryApr 12, 2022 - 9:20 p.m.

Null Byte Injection in Plug.Static

2022-04-1221:20:20
Google
osv.dev
11
plug static
null byte injection
file upload
filetype restrictions
s3
cloud storage

EPSS

0

Percentile

12.6%

JSON

Plug.Static is used for serving static assets, and is vulnerable to null
byte injection. If file upload functionality is provided, this can allow
users to bypass filetype restrictions.
We recommend all applications that provide file upload functionality and
serve those uploaded files locally with Plug.Static to upgrade immediately
or include the fix below. If uploaded files are rather stored and served
from S3 or any other cloud storage, you are not affected.

Related

cvelist 1
nvd 1
prion 1
cve 1
github 1
osv 1
cvelist
cvelist
CVE-2017-1000052
2017-07-13 20:00:00
nvd
nvd
CVE-2017-1000052
2017-07-17 13:18:17
prion
prion
Sql injection
2017-07-17 13:18:00
cve
cve
CVE-2017-1000052
2017-07-17 13:18:17
github
github
Null Byte Injection in Plug.Static
2022-04-12 21:20:20
osv
osv
CVE-2017-1000052
2017-07-17 13:18:17

EPSS

0

Percentile

12.6%

JSON
Related for OSV:GHSA-2Q6V-32MR-8P8X
cvelist1nvd1prion1cve1github1osv1