CVE-2022-29623

ADVISORY - github

Summary

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report.

EPSS Score⁠: 0.00448 (0.628)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

ADVISORY - github

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2022-29623⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-434⁠

CVSS SCORE

7.8high

GitHub

CREATED

4 years ago

UPDATED

6 months ago

ADVISORY IDGHSA-w2xw-44r3-4v9g⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-434⁠

CVSS SCORE

7.8high

GitLab

CREATED

4 years ago

UPDATED

6 months ago

ADVISORY ID

CVE-2022-29623

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-434⁠CWE-937⁠

CVSS SCORE

7.8high

intheWild

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2022-29623⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY