This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-02-18T12:55:21.998786Z
Updated: 2024-09-16T17:52:54.754Z
Reserved: 2022-02-16T00:00:00
Link: CVE-2022-25299
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-18T13:15:08.383
Modified: 2024-11-21T06:51:57.187
Link: CVE-2022-25299
Redhat
No data.