richardgirges
commented
2 years ago I’m going to need actual examples. These high level explanations don’t help at all.
Closed imbudhiraja closed 2 years ago
richardgirges
commented
2 years ago I’m going to need actual examples. These high level explanations don’t help at all.
richardgirges
commented
2 years ago Closing in favor of #312
Package for Node.js contains a flaw that is triggered as file names for uploaded files are not properly validated before being placed in a web-accessible path. This may allow a context-dependent attacker to upload a file and overwrite files with the same name on the system utilizing the package.
Note:- Library/framework vulnerability. This code is used in a wide variety of software and the issue may manifest in a number of different ways. Depending on the implementation, it will vary if this vulnerability requires local access, or if it may be exploited remotely.
Input Manipulation - A vulnerability that is exploited by sending manipulated and unexpected data to a service or process. This includes all types of overflows, memory corruption, XSS, SQLi, RFI, traversals, and more.
Loss of Integrity - Assurance that data is unaltered by unauthorized persons and authorization has not been exceeded. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.