← volver
CVE-2021-29246

CVE-2021-29246

EPSS 1.5%
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/https://github.com/btcpayserver/btcpayserver/releases