CVE-2019-9889

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9889
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9889.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9889
Published
2019-03-21T16:01:17.627Z
Modified
2026-04-10T04:21:01.410846Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.

References

Affected packages

Git / github.com/vanilla/vanilla

Affected ranges

Type
GIT
Repo
https://github.com/vanilla/vanilla
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9f12b221c5287fef0a946a7d056ca414e1e0c8ca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.4"
        }
    ]
}

Affected versions

Vanilla_2.*
Vanilla_2.6.1
Vanilla_2.6.3
Other
list

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9889.json"