2 matches found
CVE-2023-43801
CVE-2023-43801 affects the Arduino Create Agent, specifically the endpoint /v2/pkgs/tools/installed. A user able to make HTTP requests to the localhost interface or bypass CORS can delete arbitrary files/folders owned by the Arduino Create Agent’s running user via a crafted HTTP DELETE request. R...
CVE-2023-43801 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...