3 matches found
CVE-2023-37461
creationtimestamp| type| source ---|---|--- 2023-07-18 00:45:31+00:00| seen| https://t.me/cibsecurity/66860...
CVE-2023-37461 Path traversal in metersphere
Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../ which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to...
CVE-2023-37461
CVE-2023-37461 affects Metersphere. The vulnerability arises from uploaded files that may set a related type to a relative path such as ../../../../, enabling a path-traversal that could overwrite or create files within the metersphere process’ accessible filesystem. This is constrained to files ...