CVE-2021-38573

High

7.5/10

Summary

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

References

Advisory Timeline

Published Aug 11, 2021

CVE-2021-38573

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS