CVE-2022-4773

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4773
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4773.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4773
Published
2022-12-28T00:15:15.570Z
Modified
2025-11-20T12:11:40.149004Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

* UNSUPPORTED WHEN ASSIGNED * A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/holgerhees/cloudsync

Affected ranges

Type
GIT
Repo
https://github.com/holgerhees/cloudsync
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3ad796833398af257c28e0ebeade68518e0e612a

Affected versions

v1.*

v1.0-beta1
v1.0-beta10
v1.0-beta11
v1.0-beta12
v1.0-beta13
v1.0-beta14
v1.0-beta2
v1.0-beta3
v1.0-beta4
v1.0-beta5
v1.0-beta6
v1.0-beta7
v1.0-beta8
v1.0-beta9

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "109783577688533687957683343273447491471",
            "length": 4064.0
        },
        "source": "https://github.com/holgerhees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a",
        "id": "CVE-2022-4773-40ced546",
        "signature_version": "v1",
        "target": {
            "file": "src/main/java/cloudsync/connector/LocalFilesystemConnector.java",
            "function": "getItem"
        },
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "89420516857254812841816402803818866145",
                "92420760527762796989155655024272266546",
                "242475902173834287261730207130887936764",
                "250370438620134956514027567194699495224"
            ]
        },
        "source": "https://github.com/holgerhees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a",
        "id": "CVE-2022-4773-a8313621",
        "signature_version": "v1",
        "target": {
            "file": "src/main/java/cloudsync/connector/LocalFilesystemConnector.java"
        },
        "deprecated": false,
        "signature_type": "Line"
    }
]