NET Zip library that does not properly sanitize path names allowing files to be extracted to a location above their parent directory and back to the root directory. ToolBoxST prior to Version 7.8.0 uses a vulnerable version of the Ionic. 3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (PATH TRAVERSAL) CWE-22 A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.ĬVE-2021-44477 has been assigned to this vulnerability. GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. ToolBoxST OS: All versions prior to 07.09.07Cģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611.GE reports these vulnerabilities affect the following software platform for programming: Successful exploitation of these vulnerabilities could result in data exfiltration or arbitrary write, overwrite, and execution. Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal.ATTENTION: Exploitable remotely/low attack complexity.
0 kommentar(er)
