CVE-2019-6513

CVE-2019-6513

by webmestre

Abstract Advisory Information

There is not enough checks on a file-upload field on publisher part of the WSO2 API Manager, when adding documentation to an API.

Authors: Julien Oury–Nogues

Version affected

Name: WSO2 API Manager
Versions: 2.6.0

Common Vulnerability Scoring System

3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Patches

Unknown

References

None

Vulnerability Disclosure Timeline

  • 19/10/2018 – Vulnerability discovered
  • 22/10/2018 – Contact WSO2 security team
  • 29/10/2018 – Acknowledgement From WSO2 security team
  • 28/02/2019 – Public disclosure
Top