CVE-2022-2872 – octoprint
Package
Manager: pip
Name: octoprint
Vulnerable Version: >=0 <1.8.3
Severity
Level: Low
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00105 (percentile 0.29254)
Details
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
OctoPrint prior to version 1.8.3 is vulnerable to Unrestricted Upload of File with Dangerous Type. Due to a misconfiguration in the move-file functionality, an attacker could easily change the file extension of an uploaded malicious file disguised as a `.gcode` file. Version 1.8.3 contains a patch.
Metadata
Created: 2022-09-22T00:00:32Z
Modified: 2024-10-07T21:33:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-49wm-4fp6-h59c/GHSA-49wm-4fp6-h59c.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-49wm-4fp6-h59c
Finding: F027
Auto approve: 1