PT-2022-17237 · Unknown · Awful-Salmonella-Tar

Chris Brannon

Published

2022-02-18

Updated

2022-03-01

CVE-2022-25358

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions awful-salmonella-tar versions prior to 0.0.4

Description A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar. Attackers can only list directories, not read files. This occurs because the safe-path? Scheme predicate is not used for directories.

Recommendations For versions prior to 0.0.4, update to version 0.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the path handler to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-25358

Affected Products

Awful-Salmonella-Tar

PT-2022-17237 · Unknown · Awful-Salmonella-Tar

CVE-2022-25358

Weakness Enumeration

Related Identifiers

Affected Products

References · 6