PT-2022-15838 · Curekit · Curekit

Jonathan Leitschuh

Published

2022-05-31

Updated

2022-06-10

CVE-2022-23082

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CureKit versions v1.0.1 through v1.1.3

Description The issue arises from the function isFileOutsideDir failing to sanitize user input, which may lead to path traversal.

Recommendations For CureKit versions v1.0.1 through v1.1.3, consider disabling the isFileOutsideDir function until a patch is available to prevent path traversal attacks.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-23082

GHSA-M9VJ-44F3-78XW

Affected Products

Curekit

PT-2022-15838 · Curekit · Curekit

CVE-2022-23082

Weakness Enumeration

Related Identifiers

Affected Products

References · 9