GHSA-rmcx-fg5w-x8j9

Source

https://github.com/advisories/GHSA-rmcx-fg5w-x8j9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-rmcx-fg5w-x8j9/GHSA-rmcx-fg5w-x8j9.json

Aliases

CVE-2022-45921

Published

2022-11-28T21:30:21Z

Modified

2023-11-08T04:10:54.309535Z

Details

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-45921
https://github.com/FusionAuth/fusionauth-issues/issues/1983
https://fusionauth.io/docs/v1/tech/release-notes
https://github.com/FusionAuth/fusionauth-java-client

Affected packages

Maven / io.fusionauth:fusionauth-java-client

Package

Name: io.fusionauth:fusionauth-java-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.37.0

Fixed

1.41.3

Affected versions

1.*

1.37.0

1.38.0

1.39.0

1.40.1

1.41.0