mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
32 lines
1.0 KiB
JSON
32 lines
1.0 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2023-28458",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2023-04-20T21:15:08.770",
|
||
|
|
"lastModified": "2023-04-21T01:45:50.230",
|
||
|
|
"vulnStatus": "Awaiting Analysis",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://github.com/pretalx/pretalx/releases/tag/v2.3.2",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://pretalx.com/p/news/security-release-232/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|