ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
{
"cna_assigner": "mitre",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36537.json"
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:zkoss:zk_framework:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "8.6.4.2"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.1.3"
},
{
"introduced": "9.5.0"
},
{
"fixed": "9.5.1.3"
},
{
"introduced": "9.6.0"
},
{
"fixed": "9.6.2"
}
]
}