oss-sec mailing list archives

CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code execution vulnerability.


From: "Myers, Christopher" <Christopher.Myers () sdbor edu>
Date: Fri, 22 Apr 2022 17:49:37 +0000

I have not seen this come across the oss-sec/CISA/DHS emails at this point, but anyone using WSO2 or a derivative needs 
to check this out right away.

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738

https://nvd.nist.gov/vuln/detail/CVE-2022-29464

Good writeup and PoC code here: https://github.com/hakivvi/CVE-2022-29464
