CVE-2022-2872: Malicious File Upload
First published: Wed Sep 21 2022(Updated: )
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octoprint Octoprint | <1.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-2872?
CVE-2022-2872 is a vulnerability that allows unrestricted upload of files with dangerous types in the GitHub repository octoprint/octoprint prior to version 1.8.3.
What is the severity of CVE-2022-2872?
The severity of CVE-2022-2872 is medium with a CVSS score of 5.4.
How does CVE-2022-2872 affect Octoprint?
CVE-2022-2872 affects Octoprint versions prior to 1.8.3 by allowing unrestricted upload of files with dangerous types.
How can I fix CVE-2022-2872?
To fix CVE-2022-2872, update Octoprint to version 1.8.3 or later.
Where can I find more information about CVE-2022-2872?
More information about CVE-2022-2872 can be found in the references provided: - [GitHub Commit](https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0) - [Huntr Bounty](https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56)
- collector/nvd-index
- vendor/octoprint
- canonical/octoprint octoprint