CVE-2022-27260 – buttercms
Package
Manager: npm
Name: buttercms
Vulnerable Version: >=0 <=1.2.8
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00832 (percentile: 0.73689)
Details
Unrestricted Upload of File with Dangerous Type in ButterCMS
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
Metadata
Created: 2022-04-13T00:00:24Z
Modified: 2022-04-22T21:02:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-3v5x-qjrp-q2hq/GHSA-3v5x-qjrp-q2hq.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-3v5x-qjrp-q2hq
Finding: F027
Auto approve: 1