GHSA-2gq2-m628-33xp

Source
https://github.com/advisories/GHSA-2gq2-m628-33xp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2gq2-m628-33xp/GHSA-2gq2-m628-33xp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2gq2-m628-33xp
Published
2024-05-15T21:49:20Z
Modified
2024-11-29T05:41:31.850172Z
Summary
gregwar/rst Local File Inclusion Vulnerability
Details

A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:49:20Z"
}
References

Affected packages

Packagist / gregwar/rst

Package

Name
gregwar/rst
Purl
pkg:composer/gregwar/rst

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.3

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2