In crater stata rilevata una vulnerabilità di livello critico. É interessato una funzione sconosciuta. Applicando la patch cdc913d16cf624aee852bc9163a7c6ffc8d1da9d è possibile eliminare il problema. Il bugfix è scaricabile da github.com.

Campo12/01/2022 19:3315/01/2022 09:59
namecratercrater
cwe434 (escalazione di privilegi)434 (escalazione di privilegi)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
urlhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38dbhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db
namePatchPatch
patch_namecdc913d16cf624aee852bc9163a7c6ffc8d1da9dcdc913d16cf624aee852bc9163a7c6ffc8d1da9d
patch_urlhttps://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9dhttps://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d
cveCVE-2021-4080CVE-2021-4080
cve_assigned16389180001638918000
cve_cnahuntr.devhuntr.dev
date1641942000 (12/01/2022)1641942000 (12/01/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore8.88.8
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.75.7
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore7.57.5
cvss3_meta_tempscore7.47.4
price_0day$0-$5k$0-$5k
confirm_urlhttps://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db
identifiercdc913d16cf624aee852bc9163a7c6ffc8d1da9d
cve_nvd_summarycrater is vulnerable to Unrestricted Upload of File with Dangerous Type

Do you know our Splunk app?

Download it now for free!