Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write
Vulnerability Description
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Cesanta Mongoose 安全漏洞
Vulnerability Description
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。 mongoose存在安全漏洞,该漏洞源于使用mg http upload()方法在上传过程中对文件名的不安全处理可能使攻击者可利用该漏洞能够将文件写入指定目标文件夹之外的任意位置。
CVSS Information
N/A
Vulnerability Type
N/A