A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
References
Link | Resource |
---|---|
https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745cd4b4d8ae8b41b3f4f845 | Patch Third Party Advisory |
https://wiki.call-cc.org/eggref/5/awful-salmonella-tar | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-18T21:59:54
Updated: 2022-02-18T21:59:54
Reserved: 2022-02-18T00:00:00
Link: CVE-2022-25358
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-18T22:15:13.640
Modified: 2022-03-01T19:07:39.237
Link: CVE-2022-25358
JSON object: View
Redhat Information
No data.
CWE