CVE-2021-45790: Unrestricted Upload of File with Dangerous Type

September 29, 2022 (updated September 30, 2022)

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.

References

github.com/metersphere/metersphere/issues/8653
nvd.nist.gov/vuln/detail/CVE-2021-45790

Detect and mitigate CVE-2021-45790 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →