PT-2023-23874 · Avalanche · Avalanche
Published: 2023-08-10 · Updated: 2023-08-16
CVE-2023-32562
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avalanche versions 6.3.x and below
Description
Unrestricted upload of a file with a dangerous type could allow an attacker to achieve remote code execution. The issue is fixed in version 6.4.1.
Recommendations
For Avalanche versions 6.3.x and below, update to version 6.4.1 to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation until the update can be applied.
Fix
Unrestricted File Upload
Affected Products
Avalanche