logo

Database

Insecure file upload In formidable

Description

Formidable arbitrary file upload Withdrawn: This advisory was improperly assigned.

An arbitrary file upload vulnerability in formidable v3.2.4 allows attackers to execute arbitrary code via a crafted filename.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-296222. NVD-2022-296223. OSV-2022-296224. OSV-DEBIAN-2022-296225. GCVE-2022-296226. SECURITY-TRACKER-CVE-2022-29622

References

1. https://github.com/node-formidable/formidable/issues/8562. https://github.com/node-formidable/formidable/issues/8623. https://github.com/strapi/strapi/issues/201894. https://github.com/node-formidable/formidable/pull/8575. https://gitlab.com/keymandll/blog/-/blob/master/posts/03062022-Invulnerability_Analysis-CVE-2022%E2%80%9329622/index.md6. https://medium.com/%40zsolt.imre/is-cybersecurity-the-next-supply-chain-vulnerability-9a00de7450227. https://portswigger.net/daily-swig/researcher-defends-formidable-in-fight-against-critical-cve-vulnerability-assignment8. https://www.youtube.com/watch?v=C6QPKooxhAo9. https://github.com/keymandll/CVE-2022-29622

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.