CVE-2022-29351: Unrestricted Upload of File with Dangerous Type

May 17, 2022 (updated May 25, 2022)

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file.

References

tiddlywiki5.com/
github.com/Jermolene/TiddlyWiki5
github.com/advisories/GHSA-cr9c-rhq6-vh53
github.com/jimcola99/corruptsvgfile
nvd.nist.gov/vuln/detail/CVE-2022-29351
www.youtube.com/watch?v=F_DBx4psWns

Code Behaviors & Features

Detect and mitigate CVE-2022-29351 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →