← Back

Gcdwebserver

gcdwebserver

Vendor: Gcdwebserver Project • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-14924
1Gcdwebserver Project
1Gcdwebserver
Nov 21, 2024
Aug 10, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary ca...Show more
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance).Show less