CVE-2020-15230

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 8.5

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.

Ссылки

https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255
Patch
Third Party Advisory
https://github.com/vapor/vapor/pull/2500
Third Party Advisory
https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq
Third Party Advisory
https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255
Patch
Third Party Advisory
https://github.com/vapor/vapor/pull/2500
Third Party Advisory
https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vapor_project:vapor:*:*:*:*:*:swift:*:*

Версия до 4.29.4 (исключая)

EPSS

Процентиль: 68%

0.00567

Низкий

8.5 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-vcvg-xgr8-p5gq

CVSS3: 6.5

github

больше 2 лет назад

Arbitrary file read using percent-encoded relative paths in FileMiddleware

EPSS

Процентиль: 68%

0.00567

Низкий

8.5 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22