CVE-2020-5683

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
References
Link Resource
https://github.com/weseek/growi Product Third Party Advisory
https://hub.docker.com/r/weseek/growi/ Product Third Party Advisory
https://jvn.jp/en/jp/JVN94169589/index.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*
cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*
cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-16 08:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-5683

Mitre link : CVE-2020-5683

CVE.ORG link : CVE-2020-5683


JSON object : View

Products Affected

weseek

  • growi
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')