Search criteria
2 vulnerabilities found for CureKit by WhiteSource
CVE-2022-23082 (GCVE-0-2022-23082)
Vulnerability from cvelistv5 – Published: 2022-05-31 14:40 – Updated: 2024-09-17 02:42
VLAI?
Title
CureKit - Path Traversal in isFileOutsideDir
Summary
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WhiteSource | CureKit |
Affected:
v1.0.1 , < unspecified
(custom)
Affected: unspecified , ≤ v1.1.3 (custom) |
Credits
Jonathan Leitschuh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CureKit",
"vendor": "WhiteSource",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2022-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T09:30:12",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version V1.1.4"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "CureKit - Path Traversal in isFileOutsideDir",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-05-31T13:20:00.000Z",
"ID": "CVE-2022-23082",
"STATE": "PUBLIC",
"TITLE": "CureKit - Path Traversal in isFileOutsideDir"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CureKit",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.0.1"
},
{
"version_affected": "\u003c=",
"version_value": "v1.1.3"
}
]
}
}
]
},
"vendor_name": "WhiteSource"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6",
"refsource": "MISC",
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23082",
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version V1.1.4"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-23082",
"datePublished": "2022-05-31T14:40:10.184672Z",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-09-17T02:42:40.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23082 (GCVE-0-2022-23082)
Vulnerability from nvd – Published: 2022-05-31 14:40 – Updated: 2024-09-17 02:42
VLAI?
Title
CureKit - Path Traversal in isFileOutsideDir
Summary
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WhiteSource | CureKit |
Affected:
v1.0.1 , < unspecified
(custom)
Affected: unspecified , ≤ v1.1.3 (custom) |
Credits
Jonathan Leitschuh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CureKit",
"vendor": "WhiteSource",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2022-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T09:30:12",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version V1.1.4"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "CureKit - Path Traversal in isFileOutsideDir",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-05-31T13:20:00.000Z",
"ID": "CVE-2022-23082",
"STATE": "PUBLIC",
"TITLE": "CureKit - Path Traversal in isFileOutsideDir"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CureKit",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.0.1"
},
{
"version_affected": "\u003c=",
"version_value": "v1.1.3"
}
]
}
}
]
},
"vendor_name": "WhiteSource"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6",
"refsource": "MISC",
"url": "https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6"
},
{
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23082",
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23082"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version V1.1.4"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-23082",
"datePublished": "2022-05-31T14:40:10.184672Z",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-09-17T02:42:40.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}