Untriaged
Permalink
CVE-2025-39436
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.
References
Affected products
idraw
- =<1.0
Matching in nixpkgs
pkgs.rapidraw
Blazingly-fast, non-destructive, and GPU-accelerated RAW image editor built with performance in mind
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.jitsi-excalidraw
Excalidraw collaboration backend for Jitsi
-
nixos-unstable -
- nixpkgs-unstable 21
pkgs.excalidraw_export
CLI to export Excalidraw drawings to SVG and PDF
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
Package maintainers
-
@venikx Kevin De Baerdemaeker <code@venikx.com>
-
@camillemndn Camille M. <camillemondon@free.fr>
-
@obfusk FC Stegerman <flx@obfusk.net>
-
@taciturnaxolotl Kieran Klukas <me@dunkirk.sh>