CVE-2022-23082

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23082

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23082.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23082

Aliases

GHSA-m9vj-44f3-78xw

Published

2022-05-31T15:15:07.887Z

Modified

2026-03-14T11:31:46.587871Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

References

Affected packages

Git / github.com/whitesource/curekit

Affected ranges

Type

GIT

Repo

https://github.com/whitesource/curekit

Events

Introduced

6fab749a3e495c575b6474e2db86f88ee053423e

Last affected

7b275a67a5992165deb186b2b3f7764ddd062d26

Fixed

af35e870ed09411d2f1fae6db1b04598cd1a31b6

Database specific

{
    "versions": [
        {
            "introduced": "1.0.1"
        },
        {
            "last_affected": "1.1.3"
        }
    ]
}

Affected versions

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23082.json"