Cesanta >> Mongoose >> 7.0 Security Vulnerabilities
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using the mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2022-02-18
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1
EPSS Score: 0.015
Published: 2021-02-08
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1
EPSS Score: 0.015
Published: 2021-02-08
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1
EPSS Score: 0.015
Published: 2021-02-08