GHSA-rrhw-54r8-545q

Source
https://github.com/advisories/GHSA-rrhw-54r8-545q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rrhw-54r8-545q/GHSA-rrhw-54r8-545q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rrhw-54r8-545q
Aliases
Published
2022-05-25T00:00:39Z
Modified
2023-11-08T04:07:51.639686Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Path Traversal in FileGator
Details

Path traversal in FileGator prior to 7.8.0 for non-admin users. A file created with ..\ as part of its name has that name interpreted as a path. Users are thus able to add filesystem entries outside the scope of their user to their dashboard, and are subsequently able to modify those files.

Database specific
{
    "nvd_published_at": "2022-05-24T15:15:00Z",
    "github_reviewed_at": "2022-05-25T22:52:38Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Packagist / filegator/filegator

Package

Name
filegator/filegator
Purl
pkg:composer/filegator/filegator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.8.0

Affected versions

v7.*

v7.0.0-RC1
v7.0.0-RC2
v7.0.0-RC3
v7.0.0
v7.0.1
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.2.0
v7.2.1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4
v7.4.5
v7.4.6
v7.4.7
v7.5.0
v7.5.1
v7.5.2
v7.5.3
v7.6.0
v7.7.0
v7.7.1
v7.7.2