GHSA-29g5-m8v7-v564

Опубликовано: 15 июл. 2025

Источник: github

Github: Прошло ревью

CVSS4: 4.9

Описание

Measured is vulnerable to Path Traversal attacks during class initialization

Impact

A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files.

Patches

Users should update to the latest version.

Ссылки

https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564
https://github.com/Shopify/measured/commit/d6319985a2304d97c085e3dc45c98af554f4be76

Пакеты

Наименование

measured

rubygems

Затронутые версииВерсия исправления

< 3.2.1

3.2.1

4.9 Medium

CVSS4

Дефекты

CWE-22

4.9 Medium

CVSS4

Дефекты

CWE-22