VYPR

SonicJS

by SonicJS

CVEs (2)

  • CVE-2022-42002CriOct 1, 2022
    risk 0.59cvss 9.1epss 0.01

    SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File…

  • CVE-2023-33690MedJun 5, 2023
    risk 0.00cvss 6.5epss 0.01

    SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.