Unrated severityNVD Advisory· Published Feb 18, 2022· Updated Sep 16, 2024
Arbitrary File Write
CVE-2022-25299
Description
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945mitrex_refsource_MISC
- snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.