CVE-2019-12276

Published June 5th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

grandnode/grandnode

Open source, headless, multi-tenant eCommerce platform built with .NET Core, MongoDB, AWS DocumentDB, Azure CosmosDB, Vue.js.

GitHub

1.9K