mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
103 lines
4.4 KiB
JSON
103 lines
4.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-28147",
|
|
"ASSIGNER": "security-research@sec-consult.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\n\nThis issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
|
|
"cweId": "CWE-434"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "metaVentis GmbH",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "edu-sharing",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"status": "affected",
|
|
"version": "<8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19",
|
|
"versionType": "custom"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://r.sec-consult.com/metaventis",
|
|
"refsource": "MISC",
|
|
"name": "https://r.sec-consult.com/metaventis"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2024/Jun/11",
|
|
"refsource": "MISC",
|
|
"name": "http://seclists.org/fulldisclosure/2024/Jun/11"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>The repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:</p><ul><li>Version 8.0: Update repository version to \"8.0.8-RC2\" or later</li><li>Version 8.1: Update repository version to \"8.1.4-RC0\" or later</li><li>Version 9.0: Update repository version to \"9.0.0-RC19\" or later</li></ul><br>"
|
|
}
|
|
],
|
|
"value": "The repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:\n\n * Version 8.0: Update repository version to \"8.0.8-RC2\" or later\n * Version 8.1: Update repository version to \"8.1.4-RC0\" or later\n * Version 9.0: Update repository version to \"9.0.0-RC19\" or later"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Kai Zimmermann, SEC Consult Vulnerability Lab"
|
|
}
|
|
]
|
|
} |