Arbitrary Code Execution Affecting c2cgeoform package, versions [,2.1.26)
- Snyk ID SNYK-PYTHON-C2CGEOFORM-6243618
- published 13 Feb 2024
- disclosed 1 Feb 2024
- credit Unknown
How to fix?
Upgrade c2cgeoform to version 2.1.26 or higher.
Overview
c2cgeoform is a c2cgeoform
Affected versions of this package are vulnerable to Arbitrary Code Execution: attachments can be opened directly in the browser, so a malicious file can have its scripts executed.
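The risk described above comes from the browser rendering an uploaded file instead of downloading it. The following is an added illustration of one defensive pattern, not c2cgeoform's code and not the change shipped in 2.1.26; the function names and the inline allowlist are assumptions made for the example.

```python
# Added example, not c2cgeoform code: all names below are hypothetical.
import re

# Constructed allowlist: raster images only. image/svg+xml and text/html are
# left out on purpose because both can carry script.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif"}


def safe_filename(name):
    """Drop any path part and every character that could break the header."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    return name or "download"


def attachment_headers(filename, declared_type, allow_inline=False):
    """Build response headers for serving a user-uploaded file.

    The declared type comes from the uploader and is untrusted, so it is
    echoed back only when allowlisted; anything else is sent as
    application/octet-stream and forced to download.
    """
    mime = declared_type.split(";", 1)[0].strip().lower()
    if mime not in INLINE_SAFE_TYPES:
        mime = "application/octet-stream"
    inline = allow_inline and mime in INLINE_SAFE_TYPES
    disposition = "inline" if inline else "attachment"
    return {
        "Content-Type": mime,
        "Content-Disposition": '{}; filename="{}"'.format(
            disposition, safe_filename(filename)
        ),
        # Stop the browser from sniffing HTML out of a mislabelled body.
        "X-Content-Type-Options": "nosniff",
        # If the file is rendered anyway, it gets no script and an opaque origin.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed sample uploads: (filename, type claimed by the uploader).
    for sample in [("report.html", "text/html"), ("logo.svg", "image/svg+xml"),
                   ("photo.png", "image/png")]:
        print(sample, attachment_headers(*sample, allow_inline=True))
```

Serving uploads from a separate origin that holds no session cookies further limits what a rendered file could reach.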