GHSA-6278-2q4m-cmf3, CVE-2022-36537
maven/org.zkoss.zk/zk
Exposure of Sensitive Information to an Unauthorized Actor
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
All versions before 8.6.4.2, all versions starting from 9.0.0.0 before 9.0.1.3, all versions starting from 9.5.0.0 before 9.5.1.4, all versions starting from 9.6.0.0 before 9.6.0.2, all versions starting from 9.6.1 before 9.6.2
Upgrade to versions 8.6.4.2, 9.0.1.3, 9.5.1.4, 9.6.0.2, 9.6.2 or above.
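The affected ranges listed above can be checked mechanically against a dependency report. The following is an added example, not part of the advisory or of the ZK project: a Python check that applies those ranges to `org.zkoss.zk:zk` coordinates in `mvn dependency:list`-style lines. The sample lines are constructed, and it assumes that a qualifier suffix on a version does not change which range it falls in and that the coordinate has no classifier.

```python
import re

# Affected ranges as stated in the advisory: (inclusive lower, exclusive upper).
# A lower bound of None means "all versions before the upper bound".
AFFECTED = [
    (None, "8.6.4.2"),
    ("9.0.0.0", "9.0.1.3"),
    ("9.5.0.0", "9.5.1.4"),
    ("9.6.0.0", "9.6.0.2"),
    ("9.6.1", "9.6.2"),
]

# groupId:artifactId:type:version as printed by `mvn dependency:list`.
COORD = re.compile(r"\borg\.zkoss\.zk:zk:[^:\s]+:([^:\s]+)")

def parse(version):
    """Leading dotted-numeric part, zero-padded to 4 fields; None if absent.
    Assumption: a qualifier suffix (text after the numbers) is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    """True/False per the advisory ranges, None if the version is unparsable."""
    v = parse(version)
    if v is None:
        return None  # unknown: review by hand rather than assume safe
    return any((lo is None or parse(lo) <= v) and v < parse(hi)
               for lo, hi in AFFECTED)

def scan(lines):
    """Return (version, affected) for each org.zkoss.zk:zk coordinate found."""
    return [(m.group(1), is_affected(m.group(1)))
            for line in lines for m in COORD.finditer(line)]

# Constructed sample input, not taken from a real build.
SAMPLE = """\
[INFO]    org.zkoss.zk:zk:jar:9.6.1:compile
[INFO]    org.zkoss.zk:zk:jar:9.6.0.2:compile
[INFO]    org.zkoss.zk:zkplus:jar:9.6.1:compile
[INFO]    org.zkoss.zk:zk:jar:8.6.4.1:runtime
""".splitlines()

if __name__ == "__main__":
    for version, affected in scan(SAMPLE):
        print(f"org.zkoss.zk:zk {version}: "
              f"{'AFFECTED, upgrade' if affected else 'not in an affected range'}")
```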
2022-09-19