Description
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
Recommendation
Update the payload package to the latest compatible version. Followings are version details:
- Affected version(s): <= 0.15.0
- Patched version(s): 0.15.1
References
Related Issues
- Unrestricted Upload of File with Dangerous Type in ButterCMS - CVE-2022-27260
- Unrestricted Upload of File with Dangerous Type in blueimp-file-upload - CVE-2018-9206
- Cross-site Scripting in file-upload-with-preview - CVE-2021-23439
- Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type - CVE-2022-35948
- Tags:
- npm
- payload
Anything's wrong? Let us know Last updated on January 27, 2023