Vulnerability Details CVE-2022-25299
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2022-25299
-
cpe:2.3:a:cesanta:mongoose:-
-
cpe:2.3:a:cesanta:mongoose:3.2
-
cpe:2.3:a:cesanta:mongoose:3.3
-
cpe:2.3:a:cesanta:mongoose:3.4
-
cpe:2.3:a:cesanta:mongoose:3.5
-
cpe:2.3:a:cesanta:mongoose:3.6
-
cpe:2.3:a:cesanta:mongoose:3.7
-
cpe:2.3:a:cesanta:mongoose:3.8
-
cpe:2.3:a:cesanta:mongoose:4.0
-
cpe:2.3:a:cesanta:mongoose:4.1
-
cpe:2.3:a:cesanta:mongoose:5.0
-
cpe:2.3:a:cesanta:mongoose:5.1
-
cpe:2.3:a:cesanta:mongoose:5.2
-
cpe:2.3:a:cesanta:mongoose:5.3
-
cpe:2.3:a:cesanta:mongoose:5.4
-
cpe:2.3:a:cesanta:mongoose:5.5
-
cpe:2.3:a:cesanta:mongoose:5.6
-
cpe:2.3:a:cesanta:mongoose:6.0
-
cpe:2.3:a:cesanta:mongoose:6.1
-
cpe:2.3:a:cesanta:mongoose:6.10
-
cpe:2.3:a:cesanta:mongoose:6.11
-
cpe:2.3:a:cesanta:mongoose:6.12
-
cpe:2.3:a:cesanta:mongoose:6.13
-
cpe:2.3:a:cesanta:mongoose:6.14
-
cpe:2.3:a:cesanta:mongoose:6.15
-
cpe:2.3:a:cesanta:mongoose:6.16
-
cpe:2.3:a:cesanta:mongoose:6.17
-
cpe:2.3:a:cesanta:mongoose:6.18
-
cpe:2.3:a:cesanta:mongoose:6.2
-
cpe:2.3:a:cesanta:mongoose:6.3
-
cpe:2.3:a:cesanta:mongoose:6.4
-
cpe:2.3:a:cesanta:mongoose:6.5
-
cpe:2.3:a:cesanta:mongoose:6.6
-
cpe:2.3:a:cesanta:mongoose:6.7
-
cpe:2.3:a:cesanta:mongoose:6.8
-
cpe:2.3:a:cesanta:mongoose:6.9
-
cpe:2.3:a:cesanta:mongoose:7.0
-
cpe:2.3:a:cesanta:mongoose:7.1
-
cpe:2.3:a:cesanta:mongoose:7.2
-
cpe:2.3:a:cesanta:mongoose:7.3
-
cpe:2.3:a:cesanta:mongoose:7.4
-
cpe:2.3:a:cesanta:mongoose:7.5