CVE-2022-25297

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Configurations

Configuration 1

cpe:2.3:a:drogon:drogon:*:*:*:*:*:*:*:*

Information

Published : 2022-02-21 08:15

Updated : 2022-02-28 07:22


NVD link : CVE-2022-25297

Mitre link : CVE-2022-25297

Products Affected
No products.
CWE