OSV:GHSA-M2C7-42RF-C62F
Feb 01, 2022 - 12:00 a.m.

Unrestricted Upload of File with Dangerous Type in motionEye

2022-02-01 00:00:44
Google
osv.dev
motioneye
motioneyeos
unrestricted upload
remote attack
python pickle
configuration backup
internet access
authentication
patched version
maintenance status
security protection

EPSS

0.003

Percentile

68.4%

motionEye <= 0.42.1 and motionEyeOS <= 20200606 allow a remote attacker to upload a configuration backup file containing a malicious Python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials.

The GitHub repositories for motionEye and motionEyeOS are no longer being actively maintained as of January 2022, so release of a patched version is unlikely. Keeping a motionEye or motionEyeOS installation off the Internet and/or using strong credentials provides protection against this issue.
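
A defensive check for the backup upload described above, as an added example that is not motionEye code: it reports members of a backup archive whose pickle opcode stream would import or call objects, without unpickling or extracting anything. It assumes the backup is a tar archive; the function names, member names and size cap are hypothetical, and the sample archive is constructed.

```python
import io
import pickle
import pickletools
import tarfile

# Opcodes that make the unpickler import a name or call an object.
RISKY = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
MAX_MEMBER = 8 * 1024 * 1024  # assumed cap; larger members are only partly read

def risky_opcodes(data):
    """Walk the opcode stream without executing it and return risky opcode names."""
    found = set()
    try:
        for opcode, _arg, _pos in pickletools.genops(data):
            if opcode.name in RISKY:
                found.add(opcode.name)
    except Exception:
        # Not (or no longer) a valid pickle. Keep what was seen: the real
        # unpickler acts on each opcode as it reads it, before any later error.
        pass
    return found

def scan_backup(archive_bytes):
    """Return {member name: sorted risky opcodes} for a tar archive, without extracting it."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            hits = risky_opcodes(tar.extractfile(member).read(MAX_MEMBER))
            if hits:
                report[member.name] = sorted(hits)
    return report

def build_sample():
    """Constructed archive: a text file, a data-only pickle, and a benign pickle that calls complex()."""
    files = {
        "camera.conf": b"# constructed sample\nname cam1\n",
        "data.pickle": pickle.dumps({"a": [1, 2]}, protocol=2),
        "object.pickle": pickle.dumps(complex(1, 2), protocol=2),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_backup(build_sample()))
```

A hit means the member needs manual review before the backup is restored; plain text that happens to begin with a pickle opcode byte can also be reported.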
