PT-2023-20030 · Unknown+1 · Swig-Templates+1
Y1Nglamore
·
Published
2023-03-15
·
Updated
2025-02-27
·
CVE-2023-25345
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
swig-templates versions 2.0.4 and earlier
swig versions 1.4.2 and earlier
Description
A directory traversal issue allows attackers to read arbitrary files via the include or extends tags. This can be exploited by attackers to access sensitive information.
Recommendations
For swig-templates versions 2.0.4 and earlier, consider disabling the include or extends tags until a patch is available.
For swig versions 1.4.2 and earlier, restrict access to the tags to minimize the risk of exploitation.
As a temporary workaround, avoid using the include or extends tags in swig-templates and swig until the issue is resolved.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Swig
Swig-Templates