CVE-2022-25298

This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webcc_project:webcc:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:51

Type Values Removed Values Added
References () https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f - Patch, Third Party Advisory () https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f - Patch, Third Party Advisory
References () https://snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182 - Exploit, Patch, Third Party Advisory () https://snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182 - Exploit, Patch, Third Party Advisory

25 Feb 2022, 20:26

Type Values Removed Values Added
References (MISC) https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f - (MISC) https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f - Patch, Third Party Advisory
References (MISC) https://snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182 - (MISC) https://snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182 - Exploit, Patch, Third Party Advisory
CPE cpe:2.3:a:webcc_project:webcc:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-22

18 Feb 2022, 14:30

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-18 13:15

Updated : 2024-11-21 06:51


NVD link : CVE-2022-25298

Mitre link : CVE-2022-25298

CVE.ORG link : CVE-2022-25298


JSON object : View

Products Affected

webcc_project

  • webcc
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')