CVE-2025-22137

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22137
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22137.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-22137
Aliases
  • GHSA-rjwx-p44f-mcrv
Published
2025-01-08T16:15:38Z
Modified
2025-01-15T05:27:41.818271Z
Summary
[none]
Details

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.

References

Affected packages

Git / github.com/stonith404/pingvin-share

Affected ranges

Type
GIT
Repo
https://github.com/stonith404/pingvin-share
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.0.1
v0.1.0
v0.1.1
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.15.0
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.21.4
v0.21.5
v0.22.0
v0.22.1
v0.22.2
v0.23.0
v0.23.1
v0.24.0
v0.24.1
v0.24.2
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.9.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0