exploitDog

CVE-2021-32061

Опубликовано: 29 нояб. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a ../ substring in a ListBucketResult element.

Ссылки

https://github.com/sa7mon/S3Scanner/issues/122
Third Party Advisory
https://github.com/sa7mon/S3Scanner/releases/tag/2.0.2
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/62
Third Party Advisory
https://github.com/sa7mon/S3Scanner/issues/122
Third Party Advisory
https://github.com/sa7mon/S3Scanner/releases/tag/2.0.2
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/62
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:s3scanner_project:s3scanner:*:*:*:*:*:*:*:*

Версия до 2.0.2 (исключая)

EPSS

Процентиль: 59%

0.00387

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-qppg-v75c-r5ff

CVSS3: 5.3

github

около 4 лет назад

S3Scanner allows Directory Traversal

EPSS

Процентиль: 59%

0.00387

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22