CVE-2021-43829

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43829
Related
  • GHSA-5hc9-6hq4-2xfx
Published
2021-12-14T20:15:07Z
Modified
2025-01-15T02:08:16.045966Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager handles uploaded files without restriction in the findings import feature. This vulnerability allows dangerous types of files to be uploaded to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/patrowl/patrowlmanager

Affected ranges

Type
GIT
Repo
https://github.com/patrowl/patrowlmanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.6
1.1.3-beta
1.3.0
1.3.1
1.3.4
1.3.5
1.3.6
1.3.7
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.8
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4-rc1
1.5.4-rc2
1.5.4-rc3
1.5.4-rc4
1.5.5-rc1
1.5.5-rc2
1.5.5-rc3
1.5.5-rc4
1.5.5-rc5
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.21
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.9
1.7.0
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.6
v1.1.0
v1.1.1
v1.1.3-beta