Description
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input.
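The following is an added example, not CureKit's code and not taken from the fix commit: it contrasts a string-prefix containment check with one that normalizes paths and compares them by component. The class and method names (ContainmentCheck, naiveIsOutside, isOutside) and the sample paths are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class ContainmentCheck {

    // Weak form (hypothetical): raw string prefix test, no normalization.
    static boolean naiveIsOutside(String file, String dir) {
        return !file.startsWith(dir);
    }

    // Hardened form (hypothetical): resolve against the base, collapse "..",
    // follow symlinks where the target exists, then compare whole components.
    static boolean isOutside(Path file, Path dir) throws IOException {
        Path base = dir.toRealPath();                  // base directory must exist
        Path target = base.resolve(file).normalize();  // absolute input replaces base
        if (Files.exists(target)) {
            target = target.toRealPath();
        }
        return !target.startsWith(base);               // component-wise, not char-wise
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");
        // Constructed sample inputs.
        String[] samples = {
            "report.txt",                                // inside
            "sub/../report.txt",                         // inside after normalization
            "../outside.txt",                            // escapes via ".."
            base + "/../outside.txt",                    // prefix matches, still escapes
            base.resolveSibling(base.getFileName() + "-backup")
                .resolve("x.txt").toString()             // sibling sharing the name prefix
        };
        for (String s : samples) {
            System.out.printf("%-60s naive=%-5b hardened=%b%n", s,
                naiveIsOutside(s, base.toString()), isOutside(Path.of(s), base));
        }
        Files.delete(base);
    }
}
```

The last two samples are the ones the two checks disagree on in the dangerous direction: the string test reports them as inside the directory, the component-wise test reports them as outside.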
Remediation
References
https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6
https://www.mend.io/vulnerability-database/CVE-2022-23082