Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Camaleon CMS vulnerable to Uncaught Exception
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
Permalink: https://github.com/advisories/GHSA-r2w2-h6r8-3r53
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Percentage: 0.00076
EPSS Percentile: 0.34503
Identifiers: GHSA-r2w2-h6r8-3r53, CVE-2021-25971
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-25971
- https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25971.yml
- https://github.com/advisories/GHSA-r2w2-h6r8-3r53
Blast Radius: 5.5
Affected Packages
rubygems:camaleon_cms
Dependent packages: 7
Dependent repositories: 19
Downloads: 342,047 total
Affected Version Ranges: >= 2.0.1, < 2.6.0.1
Fixed in: 2.6.0.1
All affected versions: 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.8.0, 2.8.1, 2.8.2, 2.8.3
All unaffected versions: 0.0.1, 0.0.2, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0