CVE-2025-11842
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-11842
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11842.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-11842
- Aliases
- Published
- 2025-10-16T16:15:37Z
- Modified
- 2025-10-23T04:20:55.215470Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.
- References
Affected packages
Git / github.com/shazwazza/smidge
Affected ranges
- Type
- GIT
- Repo
- https://github.com/shazwazza/smidge
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.0-beta1
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta6
1.0.0-beta7
1.0.0-rc1
1.0.0-rc3
1.0.0-rc4
1.0.0-rc7
2.*
2.0.0-alpha
3.*
3.2.2
v2.*
v2.0.0-beta
v2.0.0-rtm
v2.0.1
v3.*
v3.0.0
v3.0.0-beta01
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v4.*
v4.0.0
v4.0.0-beta.300
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.1
v4.2.0
v4.2.1
v4.3.0
v4.4.0
v4.5.0
v4.5.1