VYPR

Otter

by Inedo

CVEs (3)

  • CVE-2017-17086 | Cri | Dec 1, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Inedo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.

  • CVE-2017-15607 | Cri | Dec 1, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

  • CVE-2023-2288 | May 30, 2023
    risk 0.00 | cvss | epss 0.18

    The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.