CVE-2022-4773

Source
https://cve.org/CVERecord?id=CVE-2022-4773
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4773.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4773
Published
2022-12-28T00:15:15.570Z
Modified
2026-04-11T23:22:44.776541Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/holgerhees/cloudsync

Affected ranges

Type
GIT
Repo
https://github.com/holgerhees/cloudsync
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/holgerhees/cloudsync
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0-beta1
v1.0-beta10
v1.0-beta11
v1.0-beta12
v1.0-beta14
v1.0-beta2
v1.0-beta3
v1.0-beta4
v1.0-beta5
v1.0-beta6
v1.0-beta7
v1.0-beta8
v1.0-beta9

Database specific

vanir_signatures
[
    {
        "id": "CVE-2022-4773-40ced546",
        "target": {
            "function": "getItem",
            "file": "src/main/java/cloudsync/connector/LocalFilesystemConnector.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/holgerhees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a",
        "signature_type": "Function",
        "digest": {
            "function_hash": "109783577688533687957683343273447491471",
            "length": 4064.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-4773-a8313621",
        "target": {
            "file": "src/main/java/cloudsync/connector/LocalFilesystemConnector.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/holgerhees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "89420516857254812841816402803818866145",
                "92420760527762796989155655024272266546",
                "242475902173834287261730207130887936764",
                "250370438620134956514027567194699495224"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4773.json"
vanir_signatures_modified
"2026-04-11T23:22:44Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2022-09-21"
            }
        ]
    }
]