Lucene search
K

24 matches found

Cvelist
Cvelist
added 2025/09/24 12:0 a.m.19 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

0.00582EPSS
Exploits2References2
CVE
CVE
added 2025/09/24 12:0 a.m.25 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via POST /viz/image due to saving uploaded files with MultipartFile.transferTo() to user-controllable paths and insufficient filename verification. Root cause: lack of strict validation of the uploaded filename. Impact: potential file path tr...

7.1CVSS6.5AI score0.00582EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2025/07/16 8:19 a.m.95 views

BIT-TOMCAT-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through 9.0.106. The following versions...

7.5CVSS7.2AI score0.0196EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/10 7:5 p.m.31 views

CVE-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...

0.0196EPSS
Exploits0References1
CVE
CVE
added 2025/07/10 7:5 p.m.129 views

CVE-2025-52520

The CVE-2025-52520 entry describes an Integer Overflow DoS in Apache Tomcat triggered by certain multipart upload configurations. Affected branches include Tomcat 11.0.x (11.0.0-M1 to 11.0.8) and older 10.1.x (10.1.0-M1 to 10.1.42) and 9.0.x (9.0.0.M1 to 9.0.106); EOL versions may also be affecte...

7.5CVSS9.3AI score0.0196EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/10 7:5 p.m.4 views

CVE-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...

9.3AI score0.0196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.13 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

8CVSS7AI score0.0023EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/04 10:41 p.m.5 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS8.4AI score0.94618EPSS
Exploits7References1
Veracode
Veracode
added 2024/09/27 6:11 a.m.11 views

Cross-Site Request Forgery (CSRF)

strawberrygraphql is vulnerable to cross-site request forgery CSRF. The vulnerability is due to the default configuration of the Strawberry GraphQL library, which allows multipart file upload support without proper CSRF protection and exempted the integration from Django's built-in CSRF safeguard...

8CVSS6.8AI score0.0023EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/25 6:21 p.m.34 views

GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql

Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...

4.8CVSS6AI score0.0023EPSS
Exploits0References6
NVD
NVD
added 2024/09/25 6:15 p.m.40 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

8CVSS0.0023EPSS
Exploits0References3
CVE
CVE
added 2024/09/25 5:48 p.m.98 views

CVE-2024-47082

The CVE-2024-47082 entry describes a vulnerability in Strawberry GraphQL where multipart file upload support was enabled by default in HTTP view integrations prior to version 0.243.0, enabling CSRF attacks if CSRF protection was not explicitly enabled. The Django HTTP view integration had a defau...

8CVSS5.3AI score0.0023EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/25 5:48 p.m.42 views

CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

4.6CVSS0.0023EPSS
Exploits0References3
OSV
OSV
added 2024/09/25 5:48 p.m.26 views

CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

4.6CVSS6.7AI score0.0023EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/25 5:48 p.m.20 views

CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

4.6CVSS7.2AI score0.0023EPSS
Exploits0References3
NVD
NVD
added 2024/09/06 4:15 p.m.22 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS0.94618EPSS
Exploits7References4
OSV
OSV
added 2024/09/06 4:15 p.m.19 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS8AI score
Exploits0References4
Cvelist
Cvelist
added 2024/09/06 3:55 p.m.25 views

CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS0.94618EPSS
Exploits7References4
CVE
CVE
added 2024/09/06 3:55 p.m.160 views

CVE-2024-8517

CVE-2024-8517 affects the SPIP BigUp plugin (SPIP CMS). The vulnerability is a remote, unauthenticated command injection via crafted multipart file upload requests, allowing an attacker to execute arbitrary OS commands and potentially take full control of the SPIP installation. Affected versions ...

9.8CVSS9.9AI score0.94618EPSS
Exploits7References4Affected Software1
Debian CVE
Debian CVE
added 2024/09/06 3:55 p.m.18 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS9AI score0.94618EPSS
Exploits7
Rows per page
Query Builder