CVE-2022-29622

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29622

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29622.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29622

Withdrawn

2024-04-26T22:00:12Z

Published

2022-05-16T14:15:08Z

Modified

2024-08-07T03:01:17.295431Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.

References

Affected packages

Debian:11 / node-formidable

Package

Name: node-formidable
Purl: pkg:deb/debian/node-formidable?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.1+20200129git8231ea6-1

1.2.1+20200129git8231ea6-2

3.*

3.2.1+20220105git2815e91+~cs4.0.6-1

3.2.1+20220105git2815e91+~cs4.0.6-2

3.2.1+20220105git2815e91+~cs4.0.6-3

3.2.1+20220105git2815e91+~cs4.0.6-4

3.2.3+20220426git971e3a7+~cs4.0.8-1

3.2.4+20220519git81dd350+~cs4.0.9-1

3.2.4+20220822gitd285a08+~cs4.0.9-1

3.2.5+20221017git493ec88+~cs4.0.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / node-formidable

Package

Name: node-formidable
Purl: pkg:deb/debian/node-formidable?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.4+20220519git81dd350+~cs4.0.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / node-formidable

Package

Name: node-formidable
Purl: pkg:deb/debian/node-formidable?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.4+20220519git81dd350+~cs4.0.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/node-formidable/formidable

Affected ranges

Type: GIT
Repo: https://github.com/node-formidable/formidable
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5706c14b0c65817588cd1673f10ed7419b59628a

Type: GIT
Repo: https://github.com/strapi/strapi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

231263a3535658bab1e9492c6aaaed8692d62a53

Affected versions

3.*

3.1.4

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v0.9.10

v0.9.11

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v3.*

v3.0.0

v3.0.0-alpha.10.1

v3.0.0-alpha.10.2

v3.0.0-alpha.10.3

v3.0.0-alpha.11

v3.0.0-alpha.11.1

v3.0.0-alpha.11.2

v3.0.0-alpha.11.3

v3.0.0-alpha.12

v3.0.0-alpha.12.1

v3.0.0-alpha.12.2

v3.0.0-alpha.12.3

v3.0.0-alpha.12.4

v3.0.0-alpha.12.5

v3.0.0-alpha.12.6

v3.0.0-alpha.12.7

v3.0.0-alpha.12.7.1

v3.0.0-alpha.13

v3.0.0-alpha.13.0.1

v3.0.0-alpha.13.1

v3.0.0-alpha.14

v3.0.0-alpha.14.1

v3.0.0-alpha.14.1.1

v3.0.0-alpha.14.2

v3.0.0-alpha.14.3

v3.0.0-alpha.14.4.0

v3.0.0-alpha.14.5

v3.0.0-alpha.15

v3.0.0-alpha.16

v3.0.0-alpha.17

v3.0.0-alpha.18

v3.0.0-alpha.19

v3.0.0-alpha.20

v3.0.0-alpha.21

v3.0.0-alpha.22

v3.0.0-alpha.23

v3.0.0-alpha.23.1

v3.0.0-alpha.24

v3.0.0-alpha.24.1

v3.0.0-alpha.25

v3.0.0-alpha.25.1

v3.0.0-alpha.25.2

v3.0.0-alpha.26

v3.0.0-alpha.26.1

v3.0.0-alpha.26.2

v3.0.0-alpha.4

v3.0.0-alpha.4.8

v3.0.0-alpha.5.3

v3.0.0-alpha.5.5

v3.0.0-alpha.6.3

v3.0.0-alpha.6.4

v3.0.0-alpha.6.7

v3.0.0-alpha.7.3

v3.0.0-alpha.8

v3.0.0-alpha.8.3

v3.0.0-alpha.9

v3.0.0-alpha.9.1

v3.0.0-alpha.9.2

v3.0.0-beta.0

v3.0.0-beta.1

v3.0.0-beta.10

v3.0.0-beta.11

v3.0.0-beta.12

v3.0.0-beta.13

v3.0.0-beta.14

v3.0.0-beta.15

v3.0.0-beta.16

v3.0.0-beta.16.1

v3.0.0-beta.16.2

v3.0.0-beta.16.3

v3.0.0-beta.16.4

v3.0.0-beta.16.5

v3.0.0-beta.16.6

v3.0.0-beta.16.7

v3.0.0-beta.16.8

v3.0.0-beta.17

v3.0.0-beta.17.1

v3.0.0-beta.17.2

v3.0.0-beta.17.3

v3.0.0-beta.17.4

v3.0.0-beta.17.5

v3.0.0-beta.17.6

v3.0.0-beta.17.7

v3.0.0-beta.17.8

v3.0.0-beta.18

v3.0.0-beta.18.1

v3.0.0-beta.18.2

v3.0.0-beta.18.3

v3.0.0-beta.18.4

v3.0.0-beta.18.5

v3.0.0-beta.18.6

v3.0.0-beta.18.7

v3.0.0-beta.18.8

v3.0.0-beta.19

v3.0.0-beta.19.1

v3.0.0-beta.19.2

v3.0.0-beta.19.3

v3.0.0-beta.19.4

v3.0.0-beta.19.5

v3.0.0-beta.2

v3.0.0-beta.20

v3.0.0-beta.20.1

v3.0.0-beta.20.2

v3.0.0-beta.20.3

v3.0.0-beta.3

v3.0.0-beta.4

v3.0.0-beta.5

v3.0.0-beta.6

v3.0.0-beta.7

v3.0.0-beta.8

v3.0.0-beta.9

v3.0.0-rc.0

v3.0.0-rc.1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4