Arbitrary file upload in Zoo-project

CVE-2024-53982

ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in the ZOO-Project Echo example. The Echo example, available by default in Zoo installs, implements file caching, which can be co…

Vulnerability class: Unrestricted File Upload

EPSS: 0.005 (36.6th percentile)

Affected products

  • Zoo-project — versions < 641cb18fec58de43a3468f314e5f8808c560e6d9
