Security Advisory

CVE-2022-25299

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-18 12:55:21

Last updated 2024-09-16 17:52:54

Assigner snyk

State PUBLISHED

Description

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

← Browse all CVEs View on cve.org ↗