CVE-2021-21269

Опубликовано: 20 янв. 2021

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust join method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.

Ссылки

https://github.com/keymaker-mx/keymaker/commit/63f3012b390ff1519a84100df9e5dff5058bb926
Patch
Third Party Advisory
https://github.com/keymaker-mx/keymaker/security/advisories/GHSA-pg25-xfcf-vjvm
Third Party Advisory
https://github.com/keymaker-mx/keymaker/commit/63f3012b390ff1519a84100df9e5dff5058bb926
Patch
Third Party Advisory
https://github.com/keymaker-mx/keymaker/security/advisories/GHSA-pg25-xfcf-vjvm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keymaker_project:keymaker:*:*:*:*:*:*:*:*

Версия до 0.2.0 (исключая)

EPSS

Процентиль: 58%

0.00358

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

EPSS

Процентиль: 58%

0.00358

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22