CVE-2020-5683

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-5683
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5683.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5683
Published
2020-12-16T08:15:14.030Z
Modified
2026-04-10T04:27:42.995360Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.

References

Affected packages

Git / github.com/weseek/growi

Affected ranges

Type
GIT
Repo
https://github.com/weseek/growi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8a1e3909115b99cfb64deb1b43e20e79a1af044
Introduced
48cedbc421c88cff4318281edadd95bb9455c352
Fixed
f1d7cc3d26a05ea2d2d2677b43d40151b0c9169b
Introduced
ab5ef887884fb8f16d4f68c93854b9eca7374d96
Fixed
57a8c62f9f9da8a9fc474ae5e752e9e313c4b8ca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.2"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.12"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.3"
        }
    ]
}

Affected versions

1.*
1.0.0-RC3
v1.*
v1.0.0-RC
v1.0.0-RC2
v1.0.0-RC4
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v3.*
v3.8.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5683.json"