CVE-2022-25937

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25937

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25937.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25937

Aliases

GHSA-3hjh-5hgx-f5wh

Published

2023-02-13T05:15:12Z

Modified

2025-01-08T14:09:39.557733Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.

References

Affected packages

Git / github.com/jarofghosts/glance

Affected ranges

Type: GIT
Repo: https://github.com/jarofghosts/glance
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8cecfe90286e0c45a5494067f1b592d0ccfeabac

Fixed

8cecfe90286e0c45a5494067f1b592d0ccfeabac

Affected versions

0.*

0.1.12

v0.*

v0.2.5

v0.2.6

v0.2.7

v0.3.0

v0.4.0

v0.4.1

v1.*

v1.0.0

v2.*

v2.0.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8