CVE-2018-25059

Опубликовано: 30 дек. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 5.3

CVSS2: 2.7

EPSS Низкий

Описание

A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.

Ссылки

https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272
Patch
Third Party Advisory
https://github.com/jessfraz/pastebinit/pull/3
Issue Tracking
Patch
Third Party Advisory
https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.217040
Third Party Advisory
https://vuldb.com/?id.217040
Third Party Advisory
https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272
Patch
Third Party Advisory
https://github.com/jessfraz/pastebinit/pull/3
Issue Tracking
Patch
Third Party Advisory
https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.217040
Third Party Advisory
https://vuldb.com/?id.217040
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pastebinit_project:pastebinit:*:*:*:*:*:*:*:*

Версия до 0.2.2 (включая)

EPSS

Процентиль: 60%

0.00404

Низкий

3.5 Low

CVSS3

5.3 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cwh7-28vg-jmpr

CVSS3: 5.3

github

около 3 лет назад

pastebinit Path Traversal vulnerability

EPSS

Процентиль: 60%

0.00404

Низкий

3.5 Low

CVSS3

5.3 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22