CVE-2023-45277

Source
https://cve.org/CVERecord?id=CVE-2023-45277
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45277.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45277
Aliases
Published
2023-10-19T00:00:00Z
Modified
2026-07-08T07:34:32.682658707Z
Summary
[none]
Details

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45277.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/yamcs/yamcs

Affected ranges

Type
GIT
Repo
https://github.com/yamcs/yamcs
Events
Database specific
{
    "cpe": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "5.8.6"
        },
        {
            "last_affected": "5.8.6"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

5.*
5.8.6
yamcs-5.*
yamcs-5.8.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45277.json"