Path traversal in the static file service in Iodine versions before 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
[
{
"signature_version": "v1",
"digest": {
"function_hash": "198377515037861313859511217941252428272",
"length": 800.0
},
"deprecated": false,
"id": "CVE-2024-22050-055d4439",
"target": {
"function": "fio_signal_handler_reset",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"306835095047024991935153296056692964926",
"252256214802010088958653460143401334606",
"44259970585852496002277103316084851499",
"244457627349776091400760324938298677820",
"159083487960487129462909930135995676650",
"259196456976379190316615135973407413909",
"186741837240865360718606423805418029422",
"124912331527607666520373132739772383704",
"129214698531950340823194866444014279188",
"2477199907988409429979367846896978735",
"165094965905783459388830705213628562869",
"11021652834647593603736470268815616741",
"275050131334018408302871180574407488729",
"305522927707309067524186850843369480971",
"182677949585088240336621519899315787301",
"148889943908960484130564160257394318456",
"277362629647182580101297707603071025229",
"226103330201899974592300102349316652709",
"296470559092883407205600309508736166195",
"321721347502130005693304432479911288317",
"22506727936151712957401222106247619179",
"191522672563424080744588345095439909870",
"38726732730813861778145685246713379770",
"196281029717787017085000421015805654116",
"295156647258177598026692777229807794396",
"191522672563424080744588345095439909870",
"38726732730813861778145685246713379770",
"196281029717787017085000421015805654116",
"179151660151351899664850407133719610447"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-07ec9600",
"target": {
"file": "ext/iodine/fio.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"123581379880499789456584470810943642928",
"287248133357639919013123136616958137615",
"39821935887551244247831192935588429408",
"300327096748159712824971172978032885871"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-09435262",
"target": {
"file": "ext/iodine/fiobj4fio.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "266928469100969845482775744494701866576",
"length": 226.0
},
"deprecated": false,
"id": "CVE-2024-22050-0be571d2",
"target": {
"function": "fio_tls_destroy",
"file": "ext/iodine/fio_tls_missing.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"208764731900957020370346892019659396109",
"209899787249886689789676736286233012607",
"107086977595780265753371718993034807781",
"255586319606684811921426520302798361390",
"206487290610339583284883340623296347805",
"209899787249886689789676736286233012607",
"328835475208145458612265148847499113689",
"111874850584239494505271906267572310068",
"339924118251058500192839388407359461442",
"70002832451502409448863018724046786296",
"251671963531124845570743816255431207879",
"325580214997075466968536062959434636962",
"205282619613069993620613765471558078094",
"102976302529964012441079627231386599950",
"273609026837136161518132455768079027667",
"197878897379847545818903898191442480975",
"142152899142907152525243061818889319713",
"302149141326591065946719486084361568024",
"248239243438405240442225945260153128529",
"121571031545992772929120276306900990291",
"311991526040655846689109732242832793741",
"236486007291300644971145701391232465239",
"238676432306479257983247831184831647973",
"149132565806969770335568385260062179204",
"130600100584445844140214063882692721647",
"255146880172956492976471907693831774019",
"227691015709783519290417511704684800304"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-0dfa7ac4",
"target": {
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "129013036702031728587360596491483544674",
"length": 2111.0
},
"deprecated": false,
"id": "CVE-2024-22050-156b611d",
"target": {
"function": "fio_flush",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"242320006687829376778087259135964923900",
"93996420465986760703292535896684380332",
"326647670546311994725919980201919285878",
"270320910063287517352064701341409225975",
"117139601513527110786532938565071829527",
"238090187688258463715994429281290969575",
"272551163123712853888983111555432200934",
"107130918023500259968629936771747406785",
"315706508370248114248316844032975186871",
"298325923299128386085833730425157905536",
"91105906329664565625061620969279703905",
"160976034766477037842041319373183923600",
"256133077907057374937366366116840487882",
"221052082956330621198288849834604351162",
"45282382805769784574818233417466002169",
"46627520607556879933490929710614132224"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-1a8bd2b3",
"target": {
"file": "ext/iodine/fio_cli.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "248359984530794508484335151159038307726",
"length": 4527.0
},
"deprecated": false,
"id": "CVE-2024-22050-1ded752d",
"target": {
"function": "fio_cli_set_arg",
"file": "ext/iodine/fio_cli.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"3847646527963432439538259230727378646",
"249438058600543554506090896570974666479",
"325791701820271047219517503916030565014",
"283692896854287426303879886344740191180",
"314259074877656306724438711481688801673",
"305562696837039717153281011259658298152",
"91653128479411255604572985543811786934",
"95239266023137188600323092332454577607",
"313212326480761106234646668311245758212",
"170262568952318876023252709773549267715",
"275896156461476988306662641784524603992",
"155598048038611359658975533772363544411",
"85301577993574033915308990156069763191",
"202521174391510682179617260253317548672",
"290156881391827497728513526795303217425",
"186600611401754461897543778146992381608",
"179240992244014109566260670800559289929",
"320198778246005255301195049287903559291",
"135099016817569758849766556471853834050",
"184590063483463523925418924855054566756",
"168026453360083746744733202839193113046",
"271825364205754450269547792224278944050",
"143054167941858676309661150048216508277",
"152716139709267067427169471546246005944",
"93924390898672089404040041673659685233",
"291707610591172398786157077834774766034",
"169382019523087916500341485451905637114",
"249216713908658542400579502186743462235",
"336232772858564052979779424448385320475",
"26640972589070249162697490328910696891",
"194626396102044320084375784748136894966",
"61362169461707320353003564080437334478",
"172816316612483859907805846099813653317",
"23787020172411145778075550602562910112",
"108971111862159686532046441749420562090",
"283741535622006024274496912093993116938",
"265792036250117507157313107581434358817",
"123854184803882967794006282732028572659",
"211913710060952179630498402078186756107",
"123455560233674145471028261334460241110",
"209968435517522369714918234221679263724",
"67605124411956691029185146394436314624",
"298438779841509337855407732167254050121",
"332916616279082514098802171455513773559",
"226841568009501237156833407463525303526",
"327137462366791174646671157966683629952",
"64609202773384812842851483635372311111",
"177276234408804169278899897022694264567",
"280038760165818484352232990955371348151",
"272830607014555418077597768348753247382",
"186201678900398913399596120882492826003",
"137190792736807157078933440088166729370",
"233302468583679775802177628812770972915",
"158112484435773574637221319403780868883",
"139658031677472819101528655367672523096",
"318710653940465158376662010277806731739",
"241787996887222575098842141521351900510",
"247436448812093885985733034127346479377",
"286591983126483965880070595593891476052",
"234888447324361800559849808151305741165",
"257683671080051238474392989747316820756",
"224665881961828571162877698036163264328",
"226507958117664096594636210199488329436",
"334280858875600352063758232342950527992",
"55951379771347808987605178358790975394",
"251327026759238584453866583556160414747"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-21cd8303",
"target": {
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "18281227524404389057370710594241604948",
"length": 293.0
},
"deprecated": false,
"id": "CVE-2024-22050-223cf773",
"target": {
"function": "http1_on_request",
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "211252431253196394515623971850121077916",
"length": 780.0
},
"deprecated": false,
"id": "CVE-2024-22050-279848d2",
"target": {
"function": "fio_signal_handler_setup",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"168893291226037675093973117257799301111",
"146681726989945002917834536093676618379",
"23943841674606956798783994226607379740",
"248248434034428127516242042917013505669",
"191308500904521929716463889273329549521",
"13749670982161812646855302235333109355",
"12444422781526072477206863450927648608",
"280541489656150866585470130162917326239"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-29c2d7a3",
"target": {
"file": "ext/iodine/iodine_mustache.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "242417480193540603525351161658982870668",
"length": 366.0
},
"deprecated": false,
"id": "CVE-2024-22050-38660ae8",
"target": {
"function": "fio_lib_destroy",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"280908511885717199073092994876779728990",
"141487355438291024093944390178844680118",
"180353999486103099113516280654316265606",
"87437097636883095138340213211039234010",
"147418283013791003563732145285546263846",
"321375816718064340927026938347507233439",
"131385606014775118444072173740099689513",
"133785737963593946858725757041742836200",
"111692144312521596210853493399769694564",
"179246416394697362893777095854042226275",
"265378723104373370574073702140273255104",
"117623707540903541600651247244882179647",
"108430555818681263356303663346961678483",
"170828622126793512120541982456922920223",
"211239919835382757324312488472990086075",
"132530916178052509688893324645495862085"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-3bffb626",
"target": {
"file": "ext/iodine/http.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"56576386603803166065328684709502257884",
"224074712244377232191475308205727464685",
"122243235198166163450523841190726088810",
"70123090624872474067758601365692472334",
"136534908303895042437056961826278680244",
"110966083076143275449638719511197075220",
"121336461826958048919402360890298910309"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-4437d649",
"target": {
"file": "ext/iodine/fio_tls_missing.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "46638690044837430626349314112288833521",
"length": 5399.0
},
"deprecated": false,
"id": "CVE-2024-22050-4d28767d",
"target": {
"function": "http_sendfile2",
"file": "ext/iodine/http.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "127745843401041689553177101409169416566",
"length": 200.0
},
"deprecated": false,
"id": "CVE-2024-22050-5f806596",
"target": {
"function": "http1_on_ready",
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "326649285915850453462844758531638553294",
"length": 314.0
},
"deprecated": false,
"id": "CVE-2024-22050-5fdf847e",
"target": {
"function": "fio_cluster_listen_on_close",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "42662463499097981455286215225020182809",
"length": 297.0
},
"deprecated": false,
"id": "CVE-2024-22050-69eb17f1",
"target": {
"function": "http1_on_response",
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"255500364796310315191777693969758465658",
"192084490608897503639840050553659368648",
"238699211838738791062097417695674601357",
"296454173358443856893113488094401794577",
"152929563739340008953673921531430856783"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-6eeeca81",
"target": {
"file": "ext/iodine/fiobj_numbers.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "261761220633011101962860117715236786838",
"length": 185.0
},
"deprecated": false,
"id": "CVE-2024-22050-7014c0e5",
"target": {
"function": "fio_sendfile",
"file": "ext/iodine/fio.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"line_hashes": [
"70123090624872474067758601365692472334",
"136534908303895042437056961826278680244",
"110966083076143275449638719511197075220",
"121336461826958048919402360890298910309"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-22050-70750e7d",
"target": {
"file": "ext/iodine/fio_tls_openssl.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "282972240868781709715833906353050024345",
"length": 257.0
},
"deprecated": false,
"id": "CVE-2024-22050-77258361",
"target": {
"function": "http1_on_error",
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "194928595838680424926988083859145878272",
"length": 515.0
},
"deprecated": false,
"id": "CVE-2024-22050-7df96507",
"target": {
"function": "fio_cluster_client_handler",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "208662297930421725645092592916183382689",
"length": 987.0
},
"deprecated": false,
"id": "CVE-2024-22050-82966ce0",
"target": {
"function": "fio_worker_cleanup",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "133484124071906007445097548894373170391",
"length": 164.0
},
"deprecated": false,
"id": "CVE-2024-22050-89aa8cd6",
"target": {
"function": "fio_throttle_thread",
"file": "ext/iodine/fio.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "14167535247897847132588924159911863310",
"length": 1401.0
},
"deprecated": false,
"id": "CVE-2024-22050-ac6640eb",
"target": {
"function": "http1_consume_data",
"file": "ext/iodine/http1.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "90237776732972266333223823949748661639",
"length": 504.0
},
"deprecated": false,
"id": "CVE-2024-22050-b55ce65e",
"target": {
"function": "sig_int_handler",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "26932079826402610672831521326187608734",
"length": 683.0
},
"deprecated": false,
"id": "CVE-2024-22050-c0d8629f",
"target": {
"function": "fiobj_mustache_find_obj_absolute",
"file": "ext/iodine/iodine_mustache.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "17402096314329207663250208113530514467",
"length": 2761.0
},
"deprecated": false,
"id": "CVE-2024-22050-c202bc98",
"target": {
"function": "iodine_mustache_new",
"file": "ext/iodine/iodine_mustache.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "148364738963077223552247942436860460110",
"length": 291.0
},
"deprecated": false,
"id": "CVE-2024-22050-d7b8bcbb",
"target": {
"function": "fio_timer_calc_due",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "68785889587176007020818173604086088645",
"length": 284.0
},
"deprecated": false,
"id": "CVE-2024-22050-dbcde291",
"target": {
"function": "fiobj_send_free",
"file": "ext/iodine/fiobj4fio.h"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "266928469100969845482775744494701866576",
"length": 226.0
},
"deprecated": false,
"id": "CVE-2024-22050-edbf7b3b",
"target": {
"function": "fio_tls_destroy",
"file": "ext/iodine/fio_tls_openssl.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "240180397927543958400852640740971243201",
"length": 272.0
},
"deprecated": false,
"id": "CVE-2024-22050-f2248cb8",
"target": {
"function": "fio_cluster_signal_children",
"file": "ext/iodine/fio.c"
},
"source": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"signature_type": "Function"
}
]