PT-2023-20030 · Unknown+1 · Swig-Templates+1

Y1Nglamore

Publicado

2023-03-15

Atualizado

2025-02-27

CVE-2023-25345

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions swig-templates versions 2.0.4 and earlier swig versions 1.4.2 and earlier

Description A directory traversal issue allows attackers to read arbitrary files via the include or extends tags. This can be exploited by attackers to access sensitive information.

Recommendations For swig-templates versions 2.0.4 and earlier, consider disabling the include or extends tags until a patch is available. For swig versions 1.4.2 and earlier, restrict access to the tags to minimize the risk of exploitation. As a temporary workaround, avoid using the include or extends tags in swig-templates and swig until the issue is resolved.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-25345

GHSA-2RQ5-699J-X7P6

Produtos afetados

Swig

Swig-Templates

PT-2023-20030 · Unknown+1 · Swig-Templates+1

CVE-2023-25345

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8