PT-2023-32198 · Unknown · Kphrx Pleroma
Kphrx · Published 2023-10-15 · Updated 2024-05-17
CVE-2023-5588
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
kphrx pleroma (affected versions not specified)
Description
A vulnerability was found in kphrx pleroma, classified as problematic. It affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high, and exploitability is said to be difficult.
Recommendations
To fix this issue, it is recommended to apply the patch named 2c795094535537a8607cc0d3b7f076a609636f40. As a temporary workaround, consider restricting access to the Pleroma.Emoji.Pack function until the patch is applied.
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Kphrx Pleroma