Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

GHSA-M5JC-R4GF-C6P8 Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

GHSA-75J7-W798-CWWX Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

GHSA-MJQ6-PV9C-QPPQ Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a...

GHSA-4X5Q-Q7WC-Q22P Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a...

PT-2023-28993 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/v2/pkgs/tools/installed". A user who can perform HTTP requests to the localhost interface, or bypass the CORS configuration, can escalate privileges to...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2, which stems from a security flaw in the /v2/pkgs/tools/installed endpoint. An attacker can exploit this vulnerability by constructing HTTP requests...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2. An attacker can escalate privileges by exploiting this vulnerability...

PT-2023-28996 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/v2/pkgs/tools/installed" and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localho...

PT-2023-28995 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/upload" which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able ...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent. An attacker can exploit this vulnerability to delete arbitrary files or folders...

PT-2023-28994 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: This issue affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhos...

Arduino Data Forgery Issue Vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2, which stems from a security hole in the /v2/pkgs/tools/installed endpoint. An attacker can exploit this vulnerability to bypass CORS configuration and...

PNGDec 缓冲区错误漏洞

PNGDec is an Arduino PNG image decoder library from the individual developer Larry Bank. A security vulnerability exists in PNGDec that stems from a heap buffer overflow in asaninterceptorsmemintrinsics.cpp...

PNGDec 安全漏洞

PNGDec is an Arduino PNG image decoder library from the individual developer Larry Bank. A security vulnerability exists in PNGDec, which stems from a memory allocation issue in asanmalloclinux.cpp...

PNGDec 缓冲区错误漏洞

PNGDec is an Arduino PNG image decoder library from the individual developer Larry Bank. A security vulnerability exists in PNGDec that stems from a heap buffer overflow in interceptorfwrite.part.57 of the sanitizercommoninterceptors.inc file...

JPEGDEC 安全漏洞

JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. JPEGDEC suffers from a security vulnerability that originates from a global buffer overflow in the JPEGDecodeMCU module of the /src/jpeg.inl file...