A vulnerability, which was classified as critical, has been found in crater (unknown version). This issue affects some unknown functionality. Applying the patch cdc913d16cf624aee852bc9163a7c6ffc8d1da9d is able to eliminate this problem. The bugfix is ready for download at github.com.

Field01/12/2022 07:33 PM01/15/2022 09:59 AM
namecratercrater
cwe434 (privilege escalation)434 (privilege escalation)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
urlhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38dbhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db
namePatchPatch
patch_namecdc913d16cf624aee852bc9163a7c6ffc8d1da9dcdc913d16cf624aee852bc9163a7c6ffc8d1da9d
patch_urlhttps://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9dhttps://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d
cveCVE-2021-4080CVE-2021-4080
cve_assigned16389180001638918000
cve_cnahuntr.devhuntr.dev
date1641942000 (01/12/2022)1641942000 (01/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore8.88.8
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.75.7
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore7.57.5
cvss3_meta_tempscore7.47.4
price_0day$0-$5k$0-$5k
confirm_urlhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db
identifiercdc913d16cf624aee852bc9163a7c6ffc8d1da9d
cve_nvd_summarycrater is vulnerable to Unrestricted Upload of File with Dangerous Type

Want to stay up to date on a daily basis?

Enable the mail alert feature now!