node/utils/ExportEtherpad.js in Etherpad 1.5.x prior to 1.5.2 might allow remote malicious users to obtain sensitive information by leveraging an improper substring check when exporting a padID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
etherpad etherpad 1.5.0 |
||
etherpad etherpad 1.5.1 |