CVE-2022-41705: Unrestricted Upload of File with Dangerous Type

November 25, 2022 (updated December 2, 2022)

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

References

fluidattacks.com/advisories/headhunterz/
github.com/advisories/GHSA-g389-rf5p-fg56
github.com/uasoft-indonesia/badaso/
github.com/uasoft-indonesia/badaso/issues/818
nvd.nist.gov/vuln/detail/CVE-2022-41705

Detect and mitigate CVE-2022-41705 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →