CVE-2021-25971 – camaleon_cms
Package
Manager: gem
Name: camaleon_cms
Vulnerable Version: >=2.0.1 <2.6.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00389 (percentile: 0.59208)
Details
Camaleon CMS vulnerable to Uncaught Exception
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
Metadata
Created: 2022-05-24T19:18:05Z
Modified: 2023-01-24T15:55:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r2w2-h6r8-3r53/GHSA-r2w2-h6r8-3r53.json
CWE IDs: ["CWE-248"]
Alternative ID: GHSA-r2w2-h6r8-3r53
Finding: F140
Auto approve: 1