VYPR

Egovframe Common Components

by EGovFramework

Source repositories

CVEs (2)

  • CVE-2025-34337HigNov 19, 2025
    risk 0.57cvss epss 0.00

    eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate…

  • CVE-2025-34336MedNov 19, 2025
    risk 0.45cvss epss 0.01

    eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without…