CVE-2022-29351 – tiddlywiki

Package

Manager: npm
Name: tiddlywiki
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: 0.01284 pctl0.78839

Details

Withdrawn: Code execution via SVG file upload in tiddlywiki ## Withdrawn Advisory This advisory has been withdrawn because it has been found to not be valid. Please see the issue [here](https://github.com/Jermolene/TiddlyWiki5/issues/7384) for more information. ## Original Description An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file.

Metadata

Created: 2022-05-17T00:01:44Z
Modified: 2024-05-17T18:36:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr9c-rhq6-vh53/GHSA-cr9c-rhq6-vh53.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-cr9c-rhq6-vh53
Finding: N/A
Auto approve: 0