CVE-2020-5683

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
References
Link Resource
https://github.com/weseek/growi Product Third Party Advisory
https://hub.docker.com/r/weseek/growi/ Product Third Party Advisory
https://jvn.jp/en/jp/JVN94169589/index.html Third Party Advisory
https://github.com/weseek/growi Product Third Party Advisory
https://hub.docker.com/r/weseek/growi/ Product Third Party Advisory
https://jvn.jp/en/jp/JVN94169589/index.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*
cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*
cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:34

Type Values Removed Values Added
References () https://github.com/weseek/growi - Product, Third Party Advisory () https://github.com/weseek/growi - Product, Third Party Advisory
References () https://hub.docker.com/r/weseek/growi/ - Product, Third Party Advisory () https://hub.docker.com/r/weseek/growi/ - Product, Third Party Advisory
References () https://jvn.jp/en/jp/JVN94169589/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN94169589/index.html - Third Party Advisory

Information

Published : 2020-12-16 08:15

Updated : 2024-11-21 05:34


NVD link : CVE-2020-5683

Mitre link : CVE-2020-5683

CVE.ORG link : CVE-2020-5683


JSON object : View

Products Affected

weseek

  • growi
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')