GHSA-qwf7-rv77-fcr3 iodine

Package

Manager: gem
Name: iodine
Vulnerable Version: <0

Severity

Level: Low

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A (percentile: N/A)

Details

Duplicate Advisory: Malicious URL drafting attack against iodine's static file server may allow path traversal

### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-85rf-xh54-whp3. This link is maintained to preserve external references.

### Original Description

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

Metadata

Created: 2024-01-04T21:30:24Z
Modified: 2024-01-05T15:28:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-qwf7-rv77-fcr3/GHSA-qwf7-rv77-fcr3.json
CWE IDs: ["CWE-22"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0