Arbitrary file upload in Zoo-project
CVE-2024-53982
ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be co…
Vulnerability class: Unrestricted File Upload
EPSS: 0.005 (36.6th percentile) — read the EPSS interpretation.
Affected products
- Zoo-project — versions < 641cb18fec58de43a3468f314e5f8808c560e6d9
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)