GHSA-rpvr-mw7r-25xx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rpvr-mw7r-25xx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rpvr-mw7r-25xx/GHSA-rpvr-mw7r-25xx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rpvr-mw7r-25xx
- Aliases
-
- CVE-2021-46062
- Published
- 2022-02-19T00:01:24Z
- Modified
- 2024-02-16T08:11:34.370877Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- MCMS Arbitrary File Deletion vulnerability
- Details
-
net.mingsoft:ms-basicis used for plugin management for applications built with Maven for the Mingfei Content Management System (MCMS). ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to/template/writeFileContentvia theoldFileNameparameter. MCMS before 5.2.11 is also vulnerable since it bundles vulnerable versions of ms-basic. - Database specific
{ "nvd_published_at": "2022-02-18T20:15:00Z", "cwe_ids": [ "CWE-22" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-03-01T20:58:14Z" }- References
Affected packages
Maven / net.mingsoft:ms-basic
Package
- Name
- net.mingsoft:ms-basic
- View open source insights on deps.dev
- Purl
- pkg:maven/net.mingsoft/ms-basic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.16
Affected versions
1.*
1.0.0
1.0.1
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.10
2.1.11
2.1.12
2.1.13
2.1.13.1
2.1.13.2
2.1.13.3
2.1.13.4
2.1.14
2.1.14.1
2.1.15
Maven / net.mingsoft:ms-mcms
Package
- Name
- net.mingsoft:ms-mcms
- View open source insights on deps.dev
- Purl
- pkg:maven/net.mingsoft/ms-mcms