CVE-2022-27952: Unrestricted Upload of File with Dangerous Type in Payload
9.8
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| payload | npm | <= 0.15.0 | 0.15.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information describes the vulnerability (CVE-2022-27952) as an unrestricted file upload in PayloadCMS v0.15.0, but does not include code examples, commit diffs, or file paths that would allow precise identification of the vulnerable functions. The vulnerability clearly exists in the file upload module's handling of SVG files, yet the advisory materials and linked resources do not disclose implementation details about the upload validation logic, specific function names, or file locations. Without access to the pre-patch source code or the patch diff for version 0.15.0, we cannot identify specific vulnerable functions with high certainty. The vulnerability likely resides in the file type validation logic for uploads, but the available technical details are insufficient to map it to concrete function names or paths.