CVE-2022-42002
N/A
N/A
Summary
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/blog/graphql-security-static-analysis-snyk-code/
- https://github.com/lane711/sonicjs/tags
References
- https://snyk.io/blog/graphql-security-static-analysis-snyk-code/
- https://github.com/lane711/sonicjs/tags
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.