GHSA-cv3m-hxpc-4hvm

Source
https://github.com/advisories/GHSA-cv3m-hxpc-4hvm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-cv3m-hxpc-4hvm/GHSA-cv3m-hxpc-4hvm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cv3m-hxpc-4hvm
Aliases
  • CVE-2025-13435
Published
2025-11-20T15:30:23Z
Modified
2025-11-20T18:42:51.639787Z
Severity
  • 5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
Resty has a Path Traversal vulnerability
Details

A security vulnerability has been detected in Dreampie Resty versions up to 1.3.1.SNAPSHOT. It affects the function Request in the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the HttpClient Module component. Manipulating the argument filename leads to path traversal. The attack can be performed remotely. Attacks of this nature are highly complex, and exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-20T17:57:02Z",
    "nvd_published_at": "2025-11-20T15:17:24Z",
    "severity": "LOW",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / cn.dreampie:resty

Package

Name
cn.dreampie:resty
Purl
pkg:maven/cn.dreampie/resty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
1.3.1.SNAPSHOT

Affected versions

1.*
1.0
1.1.0
1.3.0.RELEASE

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-cv3m-hxpc-4hvm/GHSA-cv3m-hxpc-4hvm.json"