GHSA-8p8g-f9vg-r7xr

Suggest an improvement
Source
https://github.com/advisories/GHSA-8p8g-f9vg-r7xr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-8p8g-f9vg-r7xr/GHSA-8p8g-f9vg-r7xr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8p8g-f9vg-r7xr
Aliases
Published
2018-12-21T17:48:19Z
Modified
2024-02-16T08:01:53.624924Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Directory Traversal vulnerability in Square Retrofit
Details

Square Retrofit versions from (including) 2.0 to 2.5.0 (excluding) contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an encoded path parameter on POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later.

References

Affected packages

Maven / com.squareup.retrofit2:retrofit

Package

Name
com.squareup.retrofit2:retrofit
View open source insights on deps.dev
Purl
pkg:maven/com.squareup.retrofit2/retrofit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.5.0

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.2.0
2.3.0
2.4.0