Podatność CVE-2024-49366


Publikacja: 2024-10-21

Opis:
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 Referencje:
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr
https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36

Copyright 2024, cxsecurity.com

 

Back to Top