[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to executi
From: "Myers, Christopher" <Christopher.Myers () sdbor ! edu>
Date: 2022-04-22 17:49:37
Message-ID: DM5PR14MB146504CDA1924C1B6B2479AEE1F79 () DM5PR14MB1465 ! namprd14 ! prod ! outlook ! com
[Download RAW message or body]
I have not seen this come across the oss-sec/CISA/DHS emails at this point,=
but anyone using WSO2 or a derivative needs to check this out right away.
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738
https://nvd.nist.gov/vuln/detail/CVE-2022-29464
Good writeup and PoC code here: https://github.com/hakivvi/CVE-2022-29464
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic