Published: 2021/06/14  Last Updated: 2021/06/14

Information from WESEEK, Inc.

Vulnerability ID:JVN#95457785
Title:Multiple vulnerabilities in GROWI

This is a statement from the vendor itself with no modification by JPCERT/CC.

GROWI is developed by WESEEK, Inc.
GROWI contains some bugs.

[Affected Products]
This bug affects GROWI All versions prior to v4.2.20

GROWI releases prior to v4.2.20 contain NoSQL injection and insufficient authentication.

An attacker can execute potentially use NoSQL injection to steal or tamper with information in the database.
An attacker can execute potentially use improper authentication to extract information unauthorizedly.

Please upgrade your GROWI to v4.2.20 or later.

### Where to get the updated version
- [GitHub](
- [Docker Hub](