Description
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
Remediation
References
https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6
https://www.mend.io/vulnerability-database/CVE-2022-23082
Related Vulnerabilities
CVE-2023-45280 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2019-9153 Vulnerability in maven package org.webjars.npm:openpgp
CVE-2023-37963 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow
CVE-2021-23497 Vulnerability in npm package @strikeentco/set