Lucene search
PRIOn knowledge basePRION:CVE-2024-25712HistoryFeb 29, 2024 - 1:44 a.m.
Code injection
2024-02-2901:44:00
PRIOn knowledge base
www.prio-n.com
28
code injection
http-swagger
xss
put requests
file upload
get request
cve-2022-24863
javascript
large files
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
Related
osv
osv
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
Unprotected file upload in github.com/swaggo/http-swagger
2024-02-29 15:38:09
nvd
nvd
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
github
github
http-swagger XSS via PUT requests
2024-02-29 03:33:18
Denial of Service in http-swagger
2022-04-22 20:55:52
cvelist
cvelist
CVE-2024-25712
2024-02-11 00:00:00
CVE-2022-24863 Denial of service in http-swagger
2022-04-18 19:00:22
cve
cve
CVE-2024-25712
2024-02-29 01:44:16
CVE-2022-24863
2022-04-18 19:15:09
redhatcve
redhatcve
CVE-2022-24863
2022-04-19 07:56:53
veracode
veracode
Denial Of Service (DoS)
2022-04-19 05:56:50
prion
prion
Design/Logic Flaw
2022-04-18 19:15:00