Drogon
CVE-2022-25297
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
AnalysisAI
This affects the package drogonframework/drogon before 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-552. This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. Affected products include: Drogon. Version information: before 1.7.5..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input i
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Rated medium severity (CVSS
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today