Home
» GitHub Advisories
» GHSA-73v2-rxqp-7q4f
Description
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.
Basic information
Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
—
Source code
Browse source ↗
Published (advisory)
2024-03-29 18:30:42 UTC
Updated
2024-03-29 20:14:35 UTC
GitHub reviewed
2024-03-29 20:14:34 UTC
NVD published
2024-03-29
EPSS Score
Score
Percentile
2.42%
84.60%
CVSS Scores
No CVSS scores in this advisory.
CWEs
CWE id
Name
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected packages (2)
Vulnerable version ranges and first patched releases as published by GitHub.
Ecosystem
Package
Vulnerable range
First patched
Vulnerable functions
rust
aliyundrive-webdav
<= 2.3.3
—
—
pip
aliyundrive-webdav
<= 2.3.3
—
—
cvelogic
Threat Intelligence