Information from WESEEK, Inc.
Vulnerability ID: JVN#95457785
Title: Multiple vulnerabilities in GROWI
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[Summary]
GROWI is developed by WESEEK, Inc.
GROWI contains some bugs.
[Affected Products]
These bugs affect all GROWI versions prior to v4.2.20.
[Description]
GROWI releases prior to v4.2.20 contain NoSQL injection and insufficient authentication.
[Impact]
An attacker can potentially use NoSQL injection to steal or tamper with information in the database.
An attacker can potentially use improper authentication to extract information without authorization.
[Solution]
Please upgrade your GROWI to v4.2.20 or later.
### Where to get the updated version
- [GitHub](https://github.com/weseek/growi)
- [Docker Hub](https://hub.docker.com/r/weseek/growi/)