GHSA-w4m2-qmh3-2g8f

Suggest an improvement
Source
https://github.com/advisories/GHSA-w4m2-qmh3-2g8f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w4m2-qmh3-2g8f/GHSA-w4m2-qmh3-2g8f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w4m2-qmh3-2g8f
Aliases
Published
2023-10-19T18:30:30Z
Modified
2024-02-16T08:17:46.916104Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Yamcs Path Traversal vulnerability
Details

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

References

Affected packages

Maven / org.yamcs:yamcs

Package

Name
org.yamcs:yamcs
View open source insights on deps.dev
Purl
pkg:maven/org.yamcs/yamcs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.7

Affected versions

0.*

0.29.3
0.30.0

3.*

3.0.0
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.8
3.4.11

4.*

4.0.0
4.0.1
4.1.1
4.1.2
4.2.0
4.2.1
4.2.2
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.5.0
4.6.0
4.6.1
4.6.2
4.6.3
4.7
4.7.1
4.7.3
4.8.0
4.8.1
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.10.9

5.*

5.0.0
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.6.0
5.6.1
5.6.2
5.7.0
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.7.7
5.7.8
5.7.9
5.7.10
5.7.11
5.7.12
5.7.13
5.8.0
5.8.1
5.8.2
5.8.3
5.8.4
5.8.5
5.8.6