CVE-2022-23082

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23082

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23082.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23082

Aliases

GHSA-m9vj-44f3-78xw

Published

2022-05-31T15:15:07Z

Modified

2024-05-30T03:32:47.984435Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

References

Affected packages

Git / github.com/whitesource/curekit

Affected ranges

Type: GIT
Repo: https://github.com/whitesource/curekit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

af35e870ed09411d2f1fae6db1b04598cd1a31b6

Affected versions

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.3