GHSA-2gq2-m628-33xp – gregwar/rst

Package

Manager: composer
Name: gregwar/rst
Vulnerable Version: >=0 <1.0.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

gregwar/rst Local File Inclusion Vulnerability A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

Metadata

Created: 2024-05-15T21:49:20Z
Modified: 2024-05-15T21:49:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2gq2-m628-33xp/GHSA-2gq2-m628-33xp.json
CWE IDs: []
Alternative ID: N/A
Finding: F123
Auto approve: 1