Pricing Enterprise

CVE-2024-42054

5.4MEDIUM

Cervantes through 0.5-alpha accepts insecure file uploads.

Published: 7/28/2024Updated: 11/21/2024

View on NVD View on MITRE

Description

Cervantes through 0.5-alpha accepts insecure file uploads.

AI AnalysisPowered by AI

Affected Products

cervantesseccervantes

0.3

cervantesseccervantes

0.4

cervantesseccervantes

0.5

References

https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd
Patch
https://www.getastra.com/blog/vulnerability/xss-insecure-file-cervantes/
Third Party Advisory
https://www.jinsonvarghese.com/stored-xss-file-upload-vulnerabilities-found-in-cervantes/
Third Party Advisory
https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd
Patch
https://www.getastra.com/blog/vulnerability/xss-insecure-file-cervantes/
Third Party Advisory
https://www.jinsonvarghese.com/stored-xss-file-upload-vulnerabilities-found-in-cervantes/
Third Party Advisory