
List:       oss-security
Subject:    [oss-security] CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to executi
From:       "Myers, Christopher" <Christopher.Myers () sdbor ! edu>
Date:       2022-04-22 17:49:37
Message-ID: DM5PR14MB146504CDA1924C1B6B2479AEE1F79 () DM5PR14MB1465 ! namprd14 ! prod ! outlook ! com


I have not seen this come across the oss-sec/CISA/DHS emails at this point, but anyone using WSO2 or a derivative needs to check this out right away.

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738

https://nvd.nist.gov/vuln/detail/CVE-2022-29464

Good writeup and PoC code here: https://github.com/hakivvi/CVE-2022-29464

