Podatność CVE-2022-40976
Publikacja: 2022-11-24

Opis:
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').

Typ:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 Referencje:
https://cert.vde.com/en/advisories/VDE-2022-044/
https://cert.vde.com/en/advisories/VDE-2022-045/
Copyright 2024, cxsecurity.com

 

Back to Top