CVE-2019-5096
PUBLISHED
CVSS 9.8 CRITICAL
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures, which could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.
EPSS 79.58% · 99.1th percentile
Risk Scores
CVSS 3.0
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
79.58%
99.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| embedthis | goahead | 3.6.5, 4.1.1, 5.0.1 |
| n/a | EmbedThis | * |
Exploit Intelligence
- CVE-2019-5096(UAF in upload handler) exploit cause Denial of Service (github-poc)
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888 (nist-nvd)
Timeline
- Dec 2, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Sep 15, 2023 EPSS Score