GHSA-gwwr-j923-vq7r

Suggest an improvement
Source
https://github.com/advisories/GHSA-gwwr-j923-vq7r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-gwwr-j923-vq7r/GHSA-gwwr-j923-vq7r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gwwr-j923-vq7r
Aliases
  • CVE-2025-13262
Published
2025-11-17T06:30:15Z
Modified
2025-11-17T20:43:59.768229Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
lsFusion Platform has Path Traversal vulnerability
Details

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Database specific 
{
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-22"
    ],
    "nvd_published_at": "2025-11-17T05:16:04Z",
    "github_reviewed_at": "2025-11-17T19:56:30Z"
}
References

Affected packages

Maven / lsfusion.platform:web-client

Package

Name
lsfusion.platform:web-client
View open source insights on deps.dev
Purl
pkg:maven/lsfusion.platform/web-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6.1