Описание
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-85rf-xh54-whp3. This link is maintained to preserve external references.
Original Description
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
Ссылки
- https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
- https://nvd.nist.gov/vuln/detail/CVE-2024-22050
- https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
- https://github.com/advisories/GHSA-85rf-xh54-whp3
- https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3
Пакеты
Наименование
iodine
rubygems
Затронутые версииВерсия исправления
Отсутствует
Дефекты
CWE-22
Дефекты
CWE-22