GHSA-w7c4-5w4f-jm3g

Source
https://github.com/advisories/GHSA-w7c4-5w4f-jm3g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-w7c4-5w4f-jm3g/GHSA-w7c4-5w4f-jm3g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w7c4-5w4f-jm3g
Withdrawn
2024-11-05T16:19:40Z
Published
2024-08-05T21:29:27Z
Modified
2024-11-05T16:19:40Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
Duplicate Advisory: Reposilite Arbitrary File Read vulnerability
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-82j3-hf72-7x93. This link is maintained to preserve external references.

Original description

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-074.

Database specific
{
    "nvd_published_at": "2024-06-19T18:15:11Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-05T21:29:27Z"
}
References

Affected packages

Maven / com.reposilite:reposilite-backend

Package

Name
com.reposilite:reposilite-backend
Purl
pkg:maven/com.reposilite/reposilite-backend

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3.0
Fixed
3.5.12