GHSA-c9pw-f4wp-22jr

Source

https://github.com/advisories/GHSA-c9pw-f4wp-22jr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-c9pw-f4wp-22jr/GHSA-c9pw-f4wp-22jr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c9pw-f4wp-22jr

Aliases

CVE-2015-10030

Published

2023-01-08T12:30:24Z

Modified

2023-11-08T03:57:49.209518Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

SUKOHI Surpass Path Traversal vulnerability

Details

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 can address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.

Database specific

{
    "nvd_published_at": "2023-01-08T10:15:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-12T23:41:02Z"
}

References

Affected packages

Packagist / sukohi/surpass

Package

Name: sukohi/surpass
Purl: pkg:composer/sukohi/surpass

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0