CVE-2020-27304
Severity
9.8 CRITICAL
EPSS
1.0%
top 23.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 21
Latest update: May 24
Description
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 4 packages
Patches
Vulnerability Details (3)
GHSA: GHSA-wphm-mh7c-38cf: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file u (2022-05-24)
CVEList: CVE-2020-27304: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file u (2021-10-21)
OSV: CVE-2020-27304: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file u (2021-10-21)
Vendor Advisories (3)
Red Hat: civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (2021-10-18)
Microsoft: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows when using the built-in HTTP form-based file upload mechanism via the mg_handle_form_request API. (2021-10-12)
Debian: CVE-2020-27304: civetweb - The CivetWeb web library does not validate uploaded filepaths when running on an... (2020)
Community (1)
Bugzilla: CVE-2020-25830 mantis: improper escaping of custom field's name allows an attacker to inject HTML (2020-10-08)