CVE-2023-46497

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 8, 2023

Updated: Dec 12, 2023

CWE ID 22

Summary

CVE-2023-46497 is a Directory Traversal vulnerability affecting EverShop NPM versions prior to 1.0.0-rc.8. A remote attacker can exploit this issue by crafting a malicious request to the mkdirSync function within the createFolder.js endpoint, leading to the obtains sensitive information from the affected system. This vulnerability poses a significant risk, as it can allow unauthorized access to critical data. It is essential for EverShop users to update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tGou-g
https://www.cve.org/CVERecord?id=CVE-2023-46497
https://nvd.nist.gov/vuln/detail/CVE-2023-46497

Back to Vulnerability Database

CVE-2023-46497

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations