GHSA-w82x-xjjr-cjr5

Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-w82x-xjjr-cjr5/GHSA-w82x-xjjr-cjr5.json
Aliases: CVE-2022-32060
Published: 2022-07-08T00:00:42Z
Modified: 2022-11-23T22:14:33.907278Z
Details

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

Affected packages

Packagist / snipe/snipe-it

snipe/snipe-it

Affected ranges

Type: ECOSYSTEM
Events:
  • Introduced: 0
  • Last affected: 6.0.2

Affected versions

3.*

3.2.0

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.3.0-alpha
v0.3.10-alpha
v0.3.11-alpha
v0.3.7-alpha
v0.3.8-alpha
v0.3.9-alpha

v1.*

v1.0
v1.1
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.3-beta
v1.2.4
v1.2.4-beta
v1.2.5
v1.2.6
v1.2.6-beta
v1.2.6.1
v1.2.7
v1.2.7-beta
v1.2.8
v1.2.9

v2.*

v2.0
v2.0-RC-1
v2.0-beta
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.2

v3.*

v3.0
v3.0-alpha
v3.0-alpha2
v3.0-beta.1
v3.0-beta.2
v3.0-beta.3
v3.0.0-beta
v3.1.0
v3.3.0
v3.3.0-beta
v3.4
v3.4.0-alpha
v3.4.0-beta
v3.5.0
v3.5.0-beta
v3.5.0-beta2
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6

Other

v4-beta3
v4-beta4

v4.*

v4.0
v4.0-alpha
v4.0-alpha-2
v4.0-beta
v4.0-beta2
v4.0-beta5
v4.0-beta6
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-beta
v4.1.0-beta2
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.17
v4.6.18
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.7
v4.6.8
v4.6.9
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5

v5.*

v5.0.0
v5.0.0-beta-1.0
v5.0.0-beta-1.1
v5.0.0-beta-2
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.2.0
v5.3.0
v5.3.1
v5.3.10
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4

v6.*

v6.0.0
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.1
v6.0.2