PT-2021-14376 · Keymaker · Keymaker

Published: 2021-01-20 · Updated: 2021-01-27 · CVE-2021-21269

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Keymaker versions prior to 0.2.0
Description: The issue concerns a path traversal attack due to insufficient checking of user input in the join method, potentially allowing access to more files than intended. This is related to the assets endpoint not verifying file extensions.
Recommendations: For versions prior to 0.2.0, update to version 0.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the assets endpoint until the update can be applied.
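
The unchecked join described above, next to a checked form, as an added example that is not Keymaker's code. The advisory does not name the language, so Rust's `Path::join` semantics, the asset root, the extension allowlist and the request paths are assumptions constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical extension allowlist (assumption; the advisory does not list one).
const ALLOWED_EXT: [&str; 4] = ["css", "js", "png", "svg"];

/// Unchecked form: user input goes straight into `join`.
/// An absolute `requested` replaces `root`, and `..` components are kept.
fn naive_asset_path(root: &Path, requested: &str) -> PathBuf {
    root.join(requested)
}

/// Checked form: accept only plain name components and an allowlisted extension.
/// This is lexical only; canonicalize and re-check the prefix if symlinks may exist.
fn safe_asset_path(root: &Path, requested: &str) -> Option<PathBuf> {
    let rel = Path::new(requested);
    // Rejects RootDir, Prefix, ParentDir and a leading CurDir.
    if !rel.components().all(|c| matches!(c, Component::Normal(_))) {
        return None;
    }
    // A request with no extension (or an empty request) is rejected here as well.
    let ext = rel.extension()?.to_str()?;
    if !ALLOWED_EXT.iter().any(|a| a.eq_ignore_ascii_case(ext)) {
        return None;
    }
    Some(root.join(rel))
}

fn main() {
    let root = Path::new("/srv/assets"); // constructed asset root
    // Constructed request paths, not taken from the advisory.
    for req in ["css/site.css", "../outside.css", "/tmp/other.css", "notes.txt"] {
        println!(
            "{} -> naive={} safe={:?}",
            req,
            naive_asset_path(root, req).display(),
            safe_asset_path(root, req)
        );
    }
}
```

A `starts_with(root)` check on the naive result is not sufficient on its own: it compares components, so a joined path that still contains `..` passes it.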

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-21269
GHSA-PG25-XFCF-VJVM

Affected Products

Keymaker