PT-2023-29937 · Avalanche · Avalanche
Published: 2023-12-19 · Updated: 2024-01-11 · CVE-2023-46264
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avalanche versions 6.4.1 and below
Description
An unrestricted upload of a file with a dangerous type vulnerability exists that could allow an attacker to achieve remote code execution.
Recommendations
For Avalanche versions 6.4.1 and below, consider restricting file uploads to only allow safe file types until a patch is available.
As a temporary workaround, consider disabling the file upload feature in Avalanche until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Avalanche