References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
     *cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:* versions up to (excluding) 5.11

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-434

https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q No Types Assigned

https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q Third Party Advisory

GitHub, Inc. AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

GitHub, Inc. CWE-434

Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations.  Version 5.11 was published to fix this vulnerability.

GitHub, Inc. https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q [No types assigned]