Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
References
Link | Resource |
---|---|
https://github.com/weseek/growi | Product Third Party Advisory |
https://hub.docker.com/r/weseek/growi/ | Product Third Party Advisory |
https://jvn.jp/en/jp/JVN94169589/index.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2020-12-16T07:45:19
Updated: 2020-12-16T07:45:19
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5683
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-16T08:15:14.030
Modified: 2020-12-18T14:58:31.343
Link: CVE-2020-5683
JSON object: View
Redhat Information
No data.
CWE