CVE-2019-6513

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-6513

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6513.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-6513

Published

2019-05-21T22:29:19.650Z

Modified

2026-04-10T04:19:46.806574Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

References

Affected packages

Git / github.com/wso2/product-apim

Affected ranges

Type

GIT

Repo

https://github.com/wso2/product-apim

Events

Introduced

Last affected

a87463944acbc28f14c0af2a32dc30310147a0be

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        }
    ]
}

Affected versions

test-tag-1.*

test-tag-1.9.0-Alpha

v1.*

v1.9.0

v1.9.0-Alpha

v1.9.0-Beta

v1.9.0-Beta-2

v1.9.0-Beta-3

v1.9.0-M2

v2.*

v2.0.0-ALPHA

v2.0.0-M4

v2.1.0-alpha

v2.1.0-update1

v2.1.0-update10

v2.1.0-update11

v2.1.0-update12

v2.1.0-update13

v2.1.0-update14

v2.1.0-update2

v2.1.0-update3

v2.1.0-update5

v2.1.0-update7

v2.1.0-update8

v2.1.0-update9

v2.2.0

v2.2.0-update1

v2.2.0-update2

v2.2.0-update3

v2.2.0-update4

v2.2.0-update5

v2.2.0-update6

v2.2.0-update7

v2.5.0

v2.5.0-Alpha

v2.5.0-Beta

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.6.0

v2.6.0-alpha

v2.6.0-alpha2

v2.6.0-beta

v2.6.0-beta2

v2.6.0-m1

v2.6.0-m2

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6513.json"