CVE-2022-25298
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-25298
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25298.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-25298
- Related
- Published
- 2022-02-18T13:15:08Z
- Modified
- 2025-10-15T13:51:31.657694Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.
- References
Affected packages
Git / github.com/sprinfall/webcc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sprinfall/webcc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "209764351027561823075044685368359549177",
"length": 665.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-0404ef35",
"signature_version": "v1",
"target": {
"function": "n",
"file": "examples/url_unicode.cc"
}
},
{
"digest": {
"function_hash": "312081623632835898470928799324631305337",
"length": 382.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-1244c280",
"signature_version": "v1",
"target": {
"function": "Server::MatchViewOrStatic",
"file": "webcc/server.cc"
}
},
{
"digest": {
"function_hash": "85521697464798701772126743718406114315",
"length": 662.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-1259186f",
"signature_version": "v1",
"target": {
"function": "Server::ServeStatic",
"file": "webcc/server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"337070276976860011780981356373153611775",
"312593409730098730003190439687294709086",
"50006080317939652366241965993104352055",
"267486620321857844214778235924477794657",
"57184117530695825216670884483549997805",
"87930462855808385685204893044177078406"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-15e2f12c",
"signature_version": "v1",
"target": {
"file": "webcc/fs.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"290606343398373025952330883896741875098",
"200805050752798983012963292971654241109",
"323708873417034108846736782256109956203",
"71557866335459239318480778548827124684",
"72629263762330021924890055387105048473",
"132320536535541647307175735160495698645",
"226897291724248665309321113157722285692",
"292061548656499089018974348893398253651",
"68688032460077003319454442566347943326"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-24f4902d",
"signature_version": "v1",
"target": {
"file": "webcc/request_parser.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"193931890562184354338991092880318949547",
"28140047615956051509957704457637475430",
"213874678742671343064244019692472408590",
"170566773642895328570601732565627421196",
"38060710268189932949635039934944731791"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-26c0a7e5",
"signature_version": "v1",
"target": {
"file": "webcc/utility.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"207136994505653448630064921609939258684",
"286091479044070887243821564434965596832",
"102434382718907113699419346099319674750",
"205462243383542657189654576429062471156",
"75908479845428932686685921307196453308",
"28161754718219855565900635574446670173",
"199194338403112166995367248579973967657",
"169436717563295289800512901118240475506",
"283021988003235358677696042430725229421",
"226480008383515528994567346211536781696",
"309737168529386819074966960434552244190",
"135145902480345144909730921189978381139",
"135610710356832396514278964672186071363",
"33460645319280579341696935231676357144",
"15898866447855226195593666961637163167",
"15503436421061366384170419274736384276",
"322810388662923413925827740546833725983",
"314927318177989172362509853220384392434",
"123123915543594158582498144482796422730",
"301949225236355682793111694509173599097",
"90924405869254038495951249565435034526",
"187571352338714726552982623947746030070",
"33825705900672023475772344267845296133",
"184461265033841882247939761588923037945",
"66711585446251522567121973277312565340",
"63023319149774050960125992398873200987",
"280237897037521499749255815628871809892",
"290141419745033287984893756651466270264",
"48110365625644944079296259321469621899",
"67535022182241884767639083142677205761",
"7753526286361479842305893056809228797",
"196601392190995898561613557549204693221",
"187177697818237249069955337846555618965",
"23874523489470094173908526343924884769",
"27754406826737382381543947039271535926",
"127041989671248416385291561238303342674",
"39996246570181854172637216850859769681",
"293205029928031472673358122035017455056",
"297165867299678531858014686731106920682",
"261469216600897354021068321043130507706",
"304177866006496313791064458206857971410",
"189543803706424843991176778427417619235",
"163377481442290905631274622226081427698"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-33fd3c78",
"signature_version": "v1",
"target": {
"file": "webcc/url.cc"
}
},
{
"digest": {
"function_hash": "103040177401849473046821616428790832821",
"length": 568.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-3b9bd6ae",
"signature_version": "v1",
"target": {
"function": "WC2MB",
"file": "examples/encoding.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"256681628302510423710837803674133067738",
"80564845439269781686948382236868136550",
"249164422134812893934276663658266621791",
"253431764593531272467226349056478656474",
"250071215889501815262790006468516729661",
"258996162039861696990155044760857239591",
"196251232089244571673978842747727297299",
"307894022636631632283278368204213681773"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-57e4c224",
"signature_version": "v1",
"target": {
"file": "webcc/server.h"
}
},
{
"digest": {
"function_hash": "173863512933207710238818431400648033972",
"length": 412.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-6017c213",
"signature_version": "v1",
"target": {
"function": "MB2WC",
"file": "examples/encoding.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"221226486965166060928801927155214353088",
"158408606734445625391989173209787512398",
"3591484389077250588483643429610676626",
"278106122303890263250208844218022680611",
"158305950175328578412153962217610061464",
"175389870079596964664643112438218966618",
"182964659649565280187939228849846822927",
"150778998731574979938617329010518567100",
"52753164779034694561345967612844285935",
"10036211203639915663634688163245053769",
"289796775781920350397169686178825490990",
"232249953777989160217125979950690580414",
"300523675560561272804032255293608662137",
"110944023896628831326483190577719291737",
"306461820391000299348781715848187143899",
"58340258269519684163153344011430227832",
"302054508607819593565513326082126517236",
"287765993178069454470360618095780431377",
"209291580977837948990613690307169905359",
"160665910466025775083548724680204950937",
"105337040525135509436230083124143182302",
"149144431531265832714245043314004004078",
"152456857666487691610276710656855967676",
"87243532374813051832000231774063723998",
"97849226057746683543690043357324491846",
"7377582401259305201469020306639181683",
"15271005187802690931581982435000182306",
"144498740620965206021547494703763496862",
"41675839680243988076255950281284985325",
"193255343513910556690260337391312484400",
"154095679773034157425021288996658060121",
"5088145860282261493502060877897775266",
"284562712346448735871667866926525272122",
"72188261689711726943806878145663647936",
"189496303540889758721343792953014868111",
"205527549184846475124475429257869584709"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-63e0c9a8",
"signature_version": "v1",
"target": {
"file": "examples/encoding.cc"
}
},
{
"digest": {
"function_hash": "197378706662817778520442368267554598147",
"length": 618.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-6bd643ed",
"signature_version": "v1",
"target": {
"function": "Router::MatchView",
"file": "webcc/router.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"271713873764929613635454616095651903292",
"88270624434501699163358168870931763258",
"178324849915722971896862281766190289689",
"312093647672470791110435146812163807064"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-70c37c64",
"signature_version": "v1",
"target": {
"file": "webcc/router.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"73371919487326243508385873926060646791",
"155366455877703271323475618871219231774",
"276551626376177445972617301248210708097"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-864aab78",
"signature_version": "v1",
"target": {
"file": "webcc/string.h"
}
},
{
"digest": {
"function_hash": "330163544382999859490632131139003124774",
"length": 505.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-89e09ddf",
"signature_version": "v1",
"target": {
"function": "UrlQuery::UrlQuery",
"file": "webcc/url.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"167413244136489452743928897453852332224",
"284397429817839312352936614665432289481",
"50156378111005542917111591793289818462",
"232118194924191527515084342618833492414"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-8f9416c6",
"signature_version": "v1",
"target": {
"file": "webcc/body.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"204033263404007465126661836338548007709",
"126240667688318192751746529781315543183",
"257189600210853903092975594100374454374"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-9077a351",
"signature_version": "v1",
"target": {
"file": "webcc/url.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"316113062740540625276292720384083357452",
"28709587443263399503172661399415549764",
"40917913873727570496467714438826808654"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-9b55229b",
"signature_version": "v1",
"target": {
"file": "webcc/utility.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142890065455913350389232836228507308560",
"110437410716981405633574310898854120205"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-9fdd3397",
"signature_version": "v1",
"target": {
"file": "examples/encoding.h"
}
},
{
"digest": {
"function_hash": "180214564468253310559103961307142692729",
"length": 125.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-a73546e7",
"signature_version": "v1",
"target": {
"function": "DecodeUnsafe",
"file": "webcc/url.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"319683736036796326393892993674943006719",
"32092708430534021952812730471415585836",
"157495644537377052291373635505420169597",
"154976489993501431691272259649801925578",
"123669216931562830847271229370269947570",
"165016064065710134105143581821969704200",
"117442903858438272753604173467603793829",
"69279501883071376361872314246159524888",
"41571510329277769768095925004539432366",
"64254921304249101125027265305670919964",
"155655200489623204124393816402887629355",
"4341001129206987344655144783414794050",
"323418244766792193253409088408325697724",
"199463034061552816714050797553609669086",
"247814127976646260885376196136628851725",
"78936824816893006561827550619075391512",
"304051817245806813578998241093053439982",
"60824798435802016308776977706871159060",
"185792819116132997857294510760717185411",
"48433446389314061574732559429104930764",
"224446463558308502080146878487976071717",
"110325602661073028748971364918411464640",
"92709224527249014411472692040310419942"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-b7023ebe",
"signature_version": "v1",
"target": {
"file": "webcc/server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"80812708366938070270126227889364653667",
"188379183127063970502152498188605047947",
"53104219240825329774974339058337671389",
"120181264300878147896016778924974391998",
"281406739016004571612927550031063339082",
"284325826909774401765001066386548657971",
"174668287121057428554844732105357290977",
"259035701126881970290718538415515302589",
"38937096689262701894284103590492086070",
"16512867898815025502420156345275120237",
"272314602856204110083075973702721320449",
"148483185969055844956387124694146257148",
"229098828549010318661760131649701189292",
"173298473969967454020327226205798343580",
"138710940910934388285156123187773072669",
"226059425269144761518756525633602077629",
"164986608644501618834623652344513594196",
"18221376329536960993817242961103054045"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-bbe3a6fe",
"signature_version": "v1",
"target": {
"file": "examples/url_unicode.cc"
}
},
{
"digest": {
"function_hash": "244476712584494846903930224443511007183",
"length": 146.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-be32042e",
"signature_version": "v1",
"target": {
"function": "FileBody::Dump",
"file": "webcc/body.cc"
}
},
{
"digest": {
"function_hash": "314157953382572083268794282680620632633",
"length": 302.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-c8afd7a3",
"signature_version": "v1",
"target": {
"function": "RequestParser::OnHeadersEnd",
"file": "webcc/request_parser.cc"
}
},
{
"digest": {
"function_hash": "87794637938801127700853295202273550002",
"length": 575.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-d9e0f693",
"signature_version": "v1",
"target": {
"function": "Decode",
"file": "webcc/url.cc"
}
},
{
"digest": {
"function_hash": "167368053349261346903743171490551616436",
"length": 204.0
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Function",
"id": "CVE-2022-25298-e2e20739",
"signature_version": "v1",
"target": {
"function": "Server::Server",
"file": "webcc/server.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"53443735956303315356081239660140457895",
"71177313363585878020507549163961560004",
"229926343697114241560750569180440954693",
"323075165688110283180455729341333675239"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-e707d65c",
"signature_version": "v1",
"target": {
"file": "webcc/string.cc"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"70011343197455881468007477687818008883",
"123201790941687108353969988720066555425",
"153031976467305995533160813233006697768",
"145637909530261550029271956077177104420",
"32838057633135689437501338784245987601",
"6974426018743023221447447849306515416",
"72015421651199297644807456654957997970",
"131608775492724630375119832855560269443",
"321393998205257420944557953288365493507",
"188775611527217415162507031782246868804",
"131457125797030037109369509656853133797",
"330034671132665793602149653223436379157",
"139200066005686268684049831537336400686"
]
},
"deprecated": false,
"source": "https://github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f",
"signature_type": "Line",
"id": "CVE-2022-25298-e93490e0",
"signature_version": "v1",
"target": {
"file": "webcc/router.cc"
}
}
]