This affects the package cesanta/mongoose prior to 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable malicious users to write files to arbitrary locations outside the designated target folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cesanta mongoose |