logo

Database

Lack of data validation - Path Traversal In rdiffweb

Description

rdiffweb Path Traversal vulnerability rdiffweb prior to 2.4.10 is vulnerable to Path Traversal. Version 2.4.10 contains a patch.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-33892. NVD-2022-33893. OSV-2022-33894. GCVE-2022-3389

References

1. https://github.com/ikus060/rdiffweb/commit/323383d1db656f1b1291be529947bd943a6b0e992. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-302.yaml3. https://huntr.dev/bounties/f7d2a6ab-2faf-4719-bdb6-e4e5d6065752

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.