PT-2022-7070 · Unknown · Linuxasmcallgraph

Bjrjk +1 · Published 2022-02-08 · Updated 2023-08-10 · CVE-2023-39346

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LinuxASMCallGraph versions prior to commit 20dba06bd1a3cf260612d4f21547c25002121cd5

Description

The issue is related to incorrect filtering rules for uploaded files: by uploading a specially crafted ZIP file, an attacker can execute arbitrary code remotely on the server side.

Recommendations

Update to a version that includes the patch from commit 20dba06bd1a3cf260612d4f21547c25002121cd5 to resolve the issue. As a temporary workaround, consider restricting the upload of ZIP files or implementing additional filtering rules for uploaded files to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2023-07469
CVE-2023-39346
GHSA-63C3-R9QM-C2WX

Affected Products

Linuxasmcallgraph