7.5
CVE-2024-22050
- EPSS 0.91%
- Veröffentlicht 04.01.2024 21:15:10
- Zuletzt bearbeitet 29.11.2025 02:15:50
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginIodine Static File Server Path Traversal Vulnerability
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.554 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://github.com/advisories/GHSA-85rf-xh54-whp3
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3