Описание
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
Ссылки
- PatchThird Party Advisory
- ProductThird Party Advisory
- PatchThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.0.4 (исключая)
cpe:2.3:a:awful-salmonella-tar_project:awful-salmonella-tar:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00274
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
EPSS
Процентиль: 50%
0.00274
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22