PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the ‘file://’ URI scheme, allowing an authenticated user to read local files.

Source: CVE-2022-22701

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.