GHSA-5gr5-vmmr-82g6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5gr5-vmmr-82g6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-5gr5-vmmr-82g6/GHSA-5gr5-vmmr-82g6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-5gr5-vmmr-82g6
- Aliases
- Published
- 2025-06-03T15:31:26Z
- Modified
- 2025-06-05T22:27:14.749991Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Erupt Unrestricted Upload of File with Dangerous Type vulnerability
- Details
-
An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2025-06-03T14:15:48Z", "github_reviewed_at": "2025-06-05T22:03:42Z", "cwe_ids": [ "CWE-434" ] }- References
Affected packages
Maven / xyz.erupt:erupt
Package
- Name
- xyz.erupt:erupt
- View open source insights on deps.dev
- Purl
- pkg:maven/xyz.erupt/erupt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.12.19
Affected versions
1.*
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.6.1
1.6.3
1.6.4
1.6.5
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.9.0
1.9.0-bate
1.9.0-bate2
1.9.1
1.9.2
1.9.3
1.10.beta
1.10.0-beta
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8-beta
1.10.8-beta.2
1.10.8-beta.3
1.10.8-beta.4
1.10.8
1.10.9-beta
1.10.9
1.10.10-beta
1.10.10-beta2
1.10.10
1.10.11
1.10.12
1.10.13
1.10.14
1.10.15
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.12.9
1.12.10
1.12.11
1.12.12
1.12.13
1.12.14
1.12.15
1.12.16
1.12.17
1.12.18
1.12.19