This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-29984 This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00111}

epss

{'score': 0.0014}


cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published:

Updated: 2024-09-16T17:03:37.145Z

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-25297

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-21T08:15:06.607

Modified: 2024-11-21T06:51:56.963

Link: CVE-2022-25297

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.