CVE-2024-22050

Опубликовано: 04 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

Ссылки

https://github.com/advisories/GHSA-85rf-xh54-whp3
Patch
Third Party Advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
Patch
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3
Patch
Third Party Advisory
https://github.com/advisories/GHSA-85rf-xh54-whp3
Patch
Third Party Advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
Patch
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boazsegev:iodine:*:*:*:*:*:ruby:*:*

Версия до 0.7.33 (включая)

EPSS

Процентиль: 59%

0.00382

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-85rf-xh54-whp3