This allows an attacker to delete any file on the system, leading to a full compromise of the application. This attack can be prevented by ensuring that only authorized users can access the file system. The fixed version 4.0.1 has been released. Update your application immediately. FileController.java line 819 has been revised to: If a file does not exist, this method will return a 404 error. Consequently, an attacker can upload a file to the server and then request it using an HTTP POST request. This attack can be prevented by obtaining an authorized file name before attempting to upload a file. The code snippet below illustrates the recommended approach:
CVE-2023-36594
This vulnerability allows an attacker to cause the system to execute arbitrary code by uploading a file with a malicious extension. If a file is uploaded with a .jpg, .html or .png extension, then the system will execute the file's contents and bypass any filters that are configured. The fixed version 4.0.2 has been released. Update your application immediately. FileControllerImpl has been revised to: If an unsafe file name is passed into this method, then it will fail silently without returning any errors in order to prevent an attacker from exploiting this vulnerability.
Timeline
Published on: 09/02/2022 04:15:00 UTC
Last modified on: 09/07/2022 20:42:00 UTC