CVE-2022-29354: Unrestricted Upload of File with Dangerous Type

May 16, 2022 (updated May 24, 2022)

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

References

nvd.nist.gov/vuln/detail/CVE-2022-29354
www.youtube.com/watch?v=DOM20FKpQQw

Detect and mitigate CVE-2022-29354 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →