CVE-2023-39916

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39916
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39916.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39916
Published
2023-09-13T15:15:07Z
Modified
2025-02-18T20:43:37Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitization of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.
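
The class of bug described above, as an added Rust example that is not Routinator's code: a naive URL-to-path mapping next to a hardened one, with a lexical check showing when the result leaves the storage directory. The function names, the `/var/lib/rrdp-keep` directory and the URLs are constructed for illustration, and the naive mapping is an assumption about how such a path could be built, not the project's actual logic.

```rust
use std::path::{Component, Path, PathBuf};

// Naive mapping (illustrative assumption, not Routinator's code): drop the
// scheme and join the rest of the URL onto the storage directory.
fn naive_path(base: &Path, url: &str) -> PathBuf {
    let rest = url.split_once("://").map_or(url, |(_, r)| r);
    base.join(rest) // note: an absolute `rest` replaces `base` entirely
}

// Lexically resolve `.` and `..`, then report whether the result leaves `base`.
fn escapes(base: &Path, path: &Path) -> bool {
    let mut out = PathBuf::new();
    for c in path.components() {
        match c {
            Component::ParentDir => { out.pop(); }
            Component::CurDir => {}
            other => out.push(other.as_os_str()),
        }
    }
    !out.starts_with(base)
}

// Hardened mapping: add one segment at a time and refuse any segment that
// could change directory. Segments are never percent-decoded, so `%2e%2e`
// stays a literal file name. Rejecting `:` also rejects explicit ports.
fn safe_path(base: &Path, url: &str) -> Option<PathBuf> {
    let rest = url.strip_prefix("https://")?;
    let mut out = base.to_path_buf();
    for seg in rest.split('/') {
        let bad = seg.is_empty() || seg == "." || seg == ".."
            || seg.contains(|c: char| c == '\\' || c == ':' || c == '\0');
        if bad { return None; }
        out.push(seg);
    }
    Some(out)
}

fn main() {
    let base = Path::new("/var/lib/rrdp-keep"); // constructed directory
    // Constructed URLs: benign, dot-dot traversal, empty host (absolute path).
    for url in ["https://rrdp.example.net/repo/notification.xml",
                "https://rrdp.example.net/../../../../tmp/notification.xml",
                "https:///tmp/other.xml"] {
        let naive = naive_path(base, url);
        println!("{url}\n  naive: {} (escapes: {})\n  safe:  {:?}",
                 naive.display(), escapes(base, &naive), safe_path(base, url));
    }
}
```

The `escapes` check is lexical only; a deployment that must also account for symlinks inside the storage directory would canonicalize the parent directory before writing.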

References

Affected packages

Git / github.com/nlnetlabs/routinator

Affected ranges

Type
GIT
Repo
https://github.com/nlnetlabs/routinator
Events