GHSA-9rvm-p3qm-f4vv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9rvm-p3qm-f4vv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-9rvm-p3qm-f4vv/GHSA-9rvm-p3qm-f4vv.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-9rvm-p3qm-f4vv
- Aliases
- Published
- 2025-10-16T18:30:23Z
- Modified
- 2025-10-18T08:42:38.925490Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Smidge is vulnerable to Path Traversal
- Details
-
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.
- Database specific
{ "severity": "MODERATE", "github_reviewed_at": "2025-10-16T21:34:28Z", "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "nvd_published_at": "2025-10-16T16:15:37Z" }- References
Affected packages
NuGet / Smidge
Package
- Name
- Smidge
- View open source insights on deps.dev
- Purl
- pkg:nuget/Smidge
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.6.0
Affected versions
1.*
1.0.0-Alpha1
1.0.0-Beta1
1.0.0-Beta2
1.0.0-Beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6
1.0.0-beta7
1.0.0-rc1
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.0-rc5
1.0.0-rc6
1.0.0-rc7
1.0.0
2.*
2.0.0-alpha
2.0.0-beta
2.0.0
2.0.1
3.*
3.0.0-beta01
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.2.0
3.2.1
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.4.0
4.5.0
4.5.1