oss-sec mailing list archives
CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to execution vulnerability.
From: "Myers, Christopher" <Christopher.Myers () sdbor edu>
Date: Fri, 22 Apr 2022 17:49:37 +0000
I have not seen this come across the oss-sec/CISA/DHS emails at this point, but anyone using WSO2 or a derivative needs to check this out right away.

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738
https://nvd.nist.gov/vuln/detail/CVE-2022-29464

Good writeup and PoC code here: https://github.com/hakivvi/CVE-2022-29464