GHSA-r2w2-h6r8-3r53

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r2w2-h6r8-3r53/GHSA-r2w2-h6r8-3r53.json
Aliases
  • CVE-2021-25971
Published
2022-05-24T19:18:05Z
Modified
2023-01-31T02:42:36.697668Z
Details

In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file.

References

Affected packages

RubyGems / camaleon_cms

camaleon_cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.1
Fixed
2.6.0.1

Affected versions

2.*

2.0.1
2.0.2
2.0.3
2.0.4
2.0.4.1
2.1.0
2.1.1
2.1.1.4
2.1.2.0
2.1.2.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.3.1
2.4.3.10
2.4.3.11
2.4.3.12
2.4.3.13
2.4.3.2
2.4.3.3
2.4.3.4
2.4.3.5
2.4.3.6
2.4.3.7
2.4.3.8
2.4.3.9
2.4.4
2.4.4.1
2.4.4.2
2.4.4.3
2.4.4.4
2.4.4.5
2.4.4.6
2.4.4.7
2.4.5
2.4.5.1
2.4.5.10
2.4.5.11
2.4.5.12
2.4.5.13
2.4.5.14
2.4.5.2
2.4.5.3
2.4.5.4
2.4.5.5
2.4.5.7
2.4.5.8
2.4.5.9
2.4.6.0
2.4.6.1
2.4.6.2
2.4.6.3
2.4.6.4
2.4.6.5
2.4.6.6
2.4.6.7
2.4.6.8
2.4.6.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.3.1
2.6.0