GHSA-fpph-mqc8-h6q5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fpph-mqc8-h6q5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-fpph-mqc8-h6q5/GHSA-fpph-mqc8-h6q5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fpph-mqc8-h6q5
- Withdrawn
- 2024-08-20T17:31:24Z
- Published
- 2023-12-21T18:30:23Z
- Modified
- 2024-08-20T17:45:55.865771Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Withdrawn Advisory: Unrestricted File Upload affecting automad
- Details
-
Withdrawn Advisory
This advisory has been withdrawn because JavaScript execution is the intended functionality of automad. This link is maintained to preserve external references.
Original Description
A vulnerability was found in automad up to 1.10.9. This affects the function upload of the file
FileCollectionController.phpof the componentContent Type Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely and an exploit has been disclosed publicly. - Database specific
{ "nvd_published_at": "2023-12-21T16:15:11Z", "cwe_ids": [ "CWE-434", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-29T18:35:29Z" }- References
Affected packages
Packagist / automad/automad
Package
- Name
- automad/automad
- Purl
- pkg:composer/automad/automad