VYPR
Vendor

SonicJS

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2022-42002CriOct 1, 2022
    risk 0.59cvss 9.1epss 0.01

    SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File…

  • CVE-2023-33690MedJun 5, 2023
    risk 0.00cvss 6.5epss 0.01

    SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.