Vulnerabilities for 'Drogon'

2022-02-21
CVE-2022-25297
CWE-552 (Files or Directories Accessible to External Parties)

This affects the package drogonframework/drogon before 1.7.5. Unsafe handling of client-supplied file names during upload via the HttpFile::save() method may allow an attacker to write files to arbitrary locations outside the designated target folder.

 
2021-08-04
CVE-2021-35397
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')

A path traversal vulnerability in the static router of Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to read arbitrary files. The vulnerability is due to a lack of proper input validation of the requested path. An attacker could exploit it by sending a crafted HTTP request whose path points at the file to read. Successful exploitation could allow the attacker to read files that should be restricted.
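Both entries are the same bug class in two directions: CVE-2021-35397 lets a request path climb out of the static root (read), CVE-2022-25297 lets an upload file name climb out of the upload folder (write). The following is an added example, not Drogon's code and not the upstream fixes for either CVE; it shows a framework-independent containment check written against std::filesystem on POSIX. The function names (is_within, resolve_static, safe_upload_target) and the sample roots /var/www/static and /srv/uploads are assumptions for illustration.

```cpp
// Added example (not Drogon's code or its upstream fix): framework-independent
// containment checks for the two traversal shapes above, written against
// std::filesystem on POSIX. Function names and the sample roots are assumptions.
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>
#include <string_view>

namespace fs = std::filesystem;

// Normalize and drop a trailing separator so "/srv/x/" and "/srv/x" compare equal.
fs::path normalize_dir(const fs::path& p) {
    fs::path n = p.lexically_normal();
    if (n.filename().empty() && n.has_parent_path()) n = n.parent_path();
    return n;
}

// Lexical containment: does `candidate` stay under `root` once "." and ".."
// are collapsed? This does not follow symlinks; if a symlink inside root may
// point outside it, resolve both sides with fs::weakly_canonical on the real
// filesystem before comparing.
bool is_within(const fs::path& root, const fs::path& candidate) {
    fs::path rel = normalize_dir(candidate).lexically_relative(normalize_dir(root));
    if (rel.empty()) return false;                      // no common prefix at all
    for (const fs::path& part : rel)
        if (part.string() == "..") return false;        // would climb above root
    return true;
}

// CWE-22 shape (static file serving): map an already percent-decoded request
// path to a file under `root`, refusing anything that resolves outside it.
std::optional<fs::path> resolve_static(const fs::path& root, std::string_view request_path) {
    if (request_path.find('\0') != std::string_view::npos) return std::nullopt;
    fs::path target = (root / fs::path(request_path).relative_path()).lexically_normal();
    if (!is_within(root, target)) return std::nullopt;
    return target;
}

// CWE-552 shape (upload): the client-chosen name must be exactly one path
// component. Names carrying separators, ".", "..", NUL, or nothing at all are
// rejected rather than silently reduced to their basename.
std::optional<fs::path> safe_upload_target(const fs::path& dir, std::string_view client_name) {
    if (client_name.empty() || client_name.find('\0') != std::string_view::npos) return std::nullopt;
    const std::string name = fs::path(client_name).filename().string();
    if (name != std::string(client_name)) return std::nullopt;      // had a directory part
    if (name == "." || name == "..") return std::nullopt;
    if (name.find('\\') != std::string::npos) return std::nullopt;  // Windows-style separator
    return (dir / name).lexically_normal();
}

int main() {
    const fs::path web_root = "/var/www/static";
    for (std::string_view req : {"/index.html", "/css/../app.js", "/../../etc/passwd"}) {
        auto r = resolve_static(web_root, req);
        std::cout << req << " -> " << (r ? r->string() : "REJECTED") << '\n';
    }
    const fs::path upload_dir = "/srv/uploads";
    for (std::string_view name : {"report.pdf", "../../etc/cron.d/job", "..", "notes\\x.txt"}) {
        auto r = safe_upload_target(upload_dir, name);
        std::cout << name << " -> " << (r ? r->string() : "REJECTED") << '\n';
    }
    return 0;
}
```

Two caveats a practitioner should keep in mind: the check must run on the request path after it has been percent-decoded exactly once, since testing the raw string would miss `%2e%2e/`; and the check is purely lexical, so on a real filesystem it should be paired with canonicalization (or an open with O_NOFOLLOW) if untrusted users can create symlinks inside the served or upload directory.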

 


Copyright 2024, cxsecurity.com
