CVE-2022-29623

ADVISORY - github

Summary

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report.

EPSS Score⁠: 0.00448 (0.628)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

ADVISORY - github

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.