Podatność CVE-2024-28335

Podatność CVE-2024-28335

Publikacja: 2024-03-27

Opis:

	Tytuł	Autor	Data
High	Lektor 3.3.10 Arbitrary File upload	kai6u	20.03.2024

Typ:

(Unrestricted Upload of File with Dangerous Type)

https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800

https://github.com/lektor/lektor/releases/tag/v3.3.11

https://cxsecurity.com/issue/WLB-2024030043

https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html

https://getlektor.com/docs/quickstart

https://brave.com/privacy-updates/27-localhost-permission/