← Voltar para CVEs
CVE-2020-21522
CRITICAL9.8
Descricao
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/30/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
halo:halo
Fraquezas (CWE)
CWE-22
Referencias
https://github.com/halo-dev/halo/issues/418(cve@mitre.org)
https://github.com/halo-dev/halo/issues/418(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.