GHSA-68q3-7wjp-7q3j

Suggest an improvement
Source
https://github.com/advisories/GHSA-68q3-7wjp-7q3j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-68q3-7wjp-7q3j/GHSA-68q3-7wjp-7q3j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-68q3-7wjp-7q3j
Aliases
Published
2020-06-09T00:25:34Z
Modified
2023-11-08T04:03:49.772751Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
Summary
The filename of uploaded files vulnerable to stored XSS
Details

Impact

The filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it.

Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.

Patches

This is fixed in Bolt 3.7.1.

References

Related issue: https://github.com/bolt/bolt/pull/7853

References

Affected packages

Packagist / bolt/bolt

Package

Name
bolt/bolt
Purl
pkg:composer/bolt/bolt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.1

Affected versions

v0.*

v0.8.4
v0.8.5
v0.9.5
v0.9.10

v1.*

v1.0.0
v1.0.5
v1.1.2
v1.1.4
v1.2.1
v1.3.0
v1.4.0
v1.4.3
v1.5.1
v1.5.6
v1.6.0
v1.6.2
v1.6.3
v1.6.3.1
v1.6.9

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.1-pl1
v2.1.2
v2.1.3
v2.1.3-pl1
v2.1.4
v2.1.4-pl1
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.8-pl1
v2.1.9
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.19-pl1
v2.2.20
v2.2.21
v2.2.22
v2.2.23
v2.2.24
v2.2.25

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.10
v3.0.11
v3.0.12
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.18
v3.2.19
v3.2.20
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.6.0-beta.1
v3.6.0-beta.2
v3.6.0-beta.3
v3.6.0-beta.4
v3.6.0-beta.5
v3.6.0-beta.6
v3.6.0-beta.7
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.6.10
v3.6.11
v3.7.0

3.*

3.5.7