CVE-2023-46496 | EverShop NPM up to 1.0.0-rc.7 Request api/files DELETE path traversal

Posted by Angelo Barbosa | Dec 8, 2023 | CVE

A vulnerability was found in EverShop NPM up to 1.0.0-rc.7. It has been classified as critical. Affected is the function DELETE of the file api/files of the component Request Handler. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2023-46496. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-46496 | EverShop NPM up to 1.0.0-rc.7 Request api/files DELETE path traversal

Related Posts

CVE-2023-52478 | Linux Kernel up to 6.5.7 on USB logitech-hidpp hidpp_connect_event denial of service

CVE-2024-41697 | Priority up to 23.x HTML Tag HTML injection

CVE-2024-39396 | Adobe InDesign Desktop up to 18.5.2/19.3 out-of-bounds (apsb24-48)

CVE-2024-25895 | ChurchCRM 5.5.0 /EventAttendance.php type cross site scripting