CVE-2023-28322: more POST-after-PUT confusion

Disclosed: 2023-06-25 18:24:53 By kurohiro To ibb

Low

Vulnerability Details

Original Report:https://hackerone.com/reports/1954658 ## Impact CWE-440: Expected Behavior Violation An attacker could potentially inject data, either from stdin or from an unintended buffer. Further, without even an active attacker, this could lead to segfaults or sensitive information being exposed to an unintended recipient.

Actions

View on HackerOne

Report Stats

Report ID: 1991428
State: Closed
Substate: resolved
Upvotes: 10

CVE-2023-28322: more POST-after-PUT confusion

Vulnerability Details

Actions

Report Stats

Share this report