CVE-2022-25299

Published February 18th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

MEDIUM

Affected

PROJECT

Description

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

cesanta/mongoose

Embedded web server, with TCP/IP network stack, MQTT and Websocket

GitHub

12.8K