GHSA-j63m-2vr6-fv7m

Suggest an improvement
Source
https://github.com/advisories/GHSA-j63m-2vr6-fv7m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-j63m-2vr6-fv7m/GHSA-j63m-2vr6-fv7m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j63m-2vr6-fv7m
Aliases
Published
2025-01-30T15:31:39Z
Modified
2025-01-30T18:12:25.551745Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
DevDojo Voyager vulnerable to path traversal
Details

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

Database specific
{
    "nvd_published_at": "2025-01-30T15:15:17Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-30T17:56:32Z"
}
References

Affected packages

Packagist / tcg/voyager

Package

Name
tcg/voyager
Purl
pkg:composer/tcg/voyager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.8.0

Affected versions

v0.*

v0.11.14

v1.*

v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.1.10
v1.1.11
v1.1.12
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7
v1.8.0