Abstract Advisory Information
There is not enough checks on a file-upload field on publisher part of the WSO2 API Manager, when adding documentation to an API.
Author: Julien Oury–Nogues
Version affected
Name: WSO2 API Manager
Versions: 2.6.0Common Vulnerability Scoring System
3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:LPatches
Unknown
References
None
Vulnerability Disclosure Timeline
- 19/10/2018 – Vulnerability discovered
- 22/10/2018 – Contact WSO2 security team
- 29/10/2018 – Acknowledgement From WSO2 security team
- 28/02/2019 – Public disclosure