Vulnerabilities [VvvebJs]

[joaoviictorti]

Hi guys, how are you?

My name is João Victor, I'm a security researcher and I was doing some research on your applications. Recently, I discovered some critical flaws in the VVEBJS application, including File Upload vulnerabilities that can lead to Remote Code Execution, Directory Traversal and SSRF. These flaws were considered serious enough to be registered as CVEs by Mitre. They are currently reserved, which is why I'm contacting you first to demonstrate them in practice so that you can fix them. I can't show them here, as it's not a suitable way because it's public, I believe the most ethical way would be by email.

[givanz]

Hi João Victor,

Thank you for testing and reporting vulnerabilities.
Please send the information to the email address from my profile page.

[joaoviictorti]

Hello, Givanz!

Thank you for your reply. I've sent you an email detailing each step that was carried out by the faults and what each one is!