Cesanta Mongoose Embedded Web Server Library vulnerabilities
3 known vulnerabilities affecting cesanta/mongoose_embedded_web_server_library.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2017-11567 | P3 | HIGH | CVSS 8.8 | CWE-352 | PoC | ≤ 6.8 | 2017-09-07
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
Source: NVD
CVE-2017-7185 | P3 | HIGH | CVSS 7.5 | CWE-416 | PoC | ≤ 6.7 | 2017-04-10
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
Source: NVD
CVE-2018-20352 | P3 | HIGH | CVSS 8.8 | CWE-416 | ≤ 6.13 | 2019-06-10
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
Source: NVD