An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.
References
Link | Resource |
---|---|
https://security401.com/twentytwenty-storage-path-traversal/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-13T20:46:14
Updated: 2019-08-13T20:46:14
Reserved: 2019-05-30T00:00:00
Link: CVE-2019-12479
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-13T21:15:11.347
Modified: 2019-08-21T18:40:28.907
Link: CVE-2019-12479
JSON object: View
Redhat Information
No data.
CWE