logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2023-45278 org.yamcs:yamcs

Package

Manager: maven
Name: org.yamcs:yamcs
Vulnerable Version: >=0 <5.8.7

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01967 pctl0.8281

Details

Yamcs API Directory Traversal vulnerability Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Metadata

Created: 2023-10-19T18:30:30Z
Modified: 2023-10-25T16:57:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-43fw-536j-w37j/GHSA-43fw-536j-w37j.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-43fw-536j-w37j
Finding: F063
Auto approve: 1