Certain WSO2 products allow unrestricted file upload with...
Critical severity
Unreviewed
Published
Apr 20, 2022
to the GitHub Advisory Database
•
Updated Oct 27, 2023
Description
Published by the National Vulnerability Database
Apr 18, 2022
Published to the GitHub Advisory Database
Apr 20, 2022
Last updated
Oct 27, 2023
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
References