An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4cTMtN3dqcC03cTNq
The filename of uploaded files is vulnerable to stored XSS.
Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.
This is fixed in Bolt 3.7.1.
Related issue: https://github.com/bolt/bolt/pull/7853
Permalink: https://github.com/advisories/GHSA-68q3-7wjp-7q3j
Source: GitHub Advisory Database
Published: almost 3 years ago
Updated: 4 months ago
CVSS Score: 7.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Identifiers: GHSA-68q3-7wjp-7q3j, CVE-2020-4041
packagist:bolt/bolt
Versions: < 3.7.1
Fixed in: 3.7.1