Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mongoose Embedded Web Server Library Security Vulnerabilities

cve
cve

CVE-2017-11567

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.

8.8CVSS

9.2AI Score

0.053EPSS

2017-09-07 01:29 PM
52
cve
cve

CVE-2017-7185

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without ...

7.5CVSS

7.2AI Score

0.025EPSS

2017-04-10 03:59 PM
38
4
cve
cve

CVE-2018-20352

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

8.8CVSS

8.9AI Score

0.004EPSS

2019-06-10 05:29 PM
34