Unrestricted Upload of File with Dangerous Type in ButterCMS

Severity:: High

Description

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.2.8

References

GHSA-3v5x-qjrp-q2hq
www.youtube.com
CVE-2022-27260
CWE-434
CAPEC-310
OWASP 2021-A4
OWASP 2021-A6

Related Issues

Unrestricted Upload of File with Dangerous Type in Payload - CVE-2022-27952
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload - CVE-2018-9206
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type - CVE-2022-35948
Cross-site Scripting in file-upload-with-preview - CVE-2021-23439

Tags:: npm; buttercms

Anything's wrong? Let us know Last updated on January 27, 2023