Description
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating file paths with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
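The containment check that defeats both input styles described above (`../` sequences and absolute paths), as an added example in Java; it is not code from the affected project or from the advisory. The class name `SafeResolve`, the method `resolveInside`, and the sample inputs are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeResolve {

    // Resolve an untrusted name under baseDir; throw if the result leaves baseDir.
    static Path resolveInside(Path baseDir, String untrusted) throws IOException {
        // Canonical form of the base directory, with symlinks resolved.
        Path base = baseDir.toRealPath();
        // resolve() returns the argument itself when it is absolute, and
        // normalize() collapses "." and ".." segments, so one check covers both cases.
        Path candidate = base.resolve(untrusted).normalize();
        // Path.startsWith compares whole path elements, so "/srv/data2" does not
        // pass as being inside "/srv/data".
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + untrusted);
        }
        // If the target exists, follow symlinks and check again, since a link
        // inside the base directory can point outside it.
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes base directory: " + untrusted);
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path base = Files.createTempDirectory("traversal-demo");
        Files.createDirectories(base.resolve("docs"));
        Files.writeString(base.resolve("docs/readme.txt"), "ok");

        // Constructed sample inputs: two that stay inside, three that do not.
        String[] inputs = {
            "docs/readme.txt", "docs/../docs/readme.txt",
            "../../etc/passwd", "docs/../../secret", "/etc/passwd"
        };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + in + " -> " + resolveInside(base, in));
            } catch (SecurityException e) {
                System.out.println("DENY  " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the normalized path rather than on the raw string, which is why filtering for the literal text `../` is not needed and would not be sufficient on its own.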
Remediation
References
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3906
https://access.redhat.com/security/cve/CVE-2022-4244
https://bugzilla.redhat.com/show_bug.cgi?id=2149841
Related Vulnerabilities
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18
CVE-2018-3722 Vulnerability in npm package merge-deep
CVE-2021-32573 Vulnerability in npm package express-cart
CVE-2020-7792 Vulnerability in maven package org.webjars:mout
CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts