18 matches found
Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
GHSA-JW5G-F64P-6X78 Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
CAMALEON CMS path traversal vulnerability
CAMALEON CMS is a dynamic advanced content management system developed by Owen Peredo Diaz. Versions of Camaleon CMS prior to 2.9.0 and versions before f54a77e contained a path traversal vulnerability. This vulnerability stems from path traversal in the AWS S3 uploader implementation, which could...
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
OS Command Injection
s3-uploader is vulnerable to os command injection. The vulnerability exists in the getMetadata function in index.js because the parameters are not properly restricted which allows an attacker to inject and execute arbitrary os commands...
OS Command Injection in s3-uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) potentially affected by CVE-2021-34084 via s3-uploader (>=1.1.0 <=2.0.3)
s3-uploader NPM version =1.1.0, =1.0.12, =1.11.0, =1.12.1 Source cves: CVE-2021-34084 Source advisory: OSV:GHSA-GWP3-F7MR-QPFV...
GHSA-GWP3-F7MR-QPFV OS Command Injection in s3-uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
Command injection
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
s3-uploader OS command injection vulnerability
s3-uploader is a flexible and efficient package for image resizing, renaming and uploading to Amazon S3 disk storage. A security vulnerability in Turistforeningen node-s3-uploader 2.0.3 and earlier stems from a Node.js package insecurely passing data to the metadata function, which ultimately connects to a...
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
CVE-2021-34084
CVE-2021-34084 is an OS command injection vulnerability affecting Turistforeningen node-s3-uploader up to version 2.0.3 for Node.js. The issue arises in the getMetadata/metadata() flow where untrusted input can be used to construct OS commands, enabling an attacker to execute arbitrary commands o...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10788 via im-metadata (>=2.1.1 <=3.0.1)
im-metadata NPM version =2.1.1, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10788 Source advisory: OSV:GHSA-QFXV-QQVG-24PG...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)
im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: OSV:GHSA-R9VM-RHMF-7HXX...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10788 via im-metadata (>=2.1.1 <=3.0.1)
im-metadata NPM version =2.1.1, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10788 Source advisory: SNYK:JS-IMMETADATA-544184...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)
im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: SNYK:JS-IMRESIZE-544183...