PT-2024-34376 · Unknown · Python Book
Published: 2024-11-15 · Updated: 2024-12-03 · CVE-2024-50649
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Python Book version V1.0
Description:
The user avatar upload function contains an arbitrary file upload vulnerability. It allows arbitrary files to be uploaded, which could potentially lead to security issues.
Recommendations:
For Python Book version V1.0, consider disabling the user avatar upload function until a patch is available, to prevent exploitation of the arbitrary file upload vulnerability.
Path traversal
Affected Products
Python Book