Filtered by vendor Halo
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21525 | 1 Halo | 1 Halo | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | |||||
| CVE-2020-21527 | 1 Halo | 1 Halo | 2020-10-07 | 8.5 HIGH | 7.7 HIGH |
| There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. | |||||
| CVE-2019-19999 | 1 Halo | 1 Halo | 2020-01-08 | 6.5 MEDIUM | 7.2 HIGH |
| Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | |||||