CVE-2024-42499

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-42499

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42499.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-42499

Aliases

GHSA-q297-5ff8-hc92

Published

2024-11-15T05:26:23.645Z

Modified

2026-06-18T03:54:32.605109730Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42499.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "cna_assigner": "jpcert"
}

References

Affected packages

Git / github.com/unclebob/fitnesse

Affected ranges

Type

GIT

Repo

https://github.com/unclebob/fitnesse

Events

Introduced

Fixed

c753e66ba16287ae766b01f6ec492d4680a65d6c

Database specific

{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "releases prior to 20241026"
        }
    ]
}

Affected versions

Other

20090112

20090214

20090321

20090513

20090818

20091121

20100103

20110104

20130530

20131110

20140201

20150106

20150114

20150119

20150202

20150217

20150218

20150223

20150226

20150424

20150814

20151230

20160515

20160618

20161105

20161106

20171015

20171210

20171212

20180127

20181221

20181222

20181223

20181224

20190110

20190118

20190119

20190127

20190202

20190216

20190224

20190406

20190409

20190416

20190417

20190418

20190421

20190428

20190508

20190620

20190628

20190716

20191110

20191217

20191229

20200108

20200128

20200205

20200304

20200307

20200308

20200404

20200501

20201213

20210410

20210516

20210605

20210606

20211006

20211030

20220319

20220815

20221102

20221219

20230503

20231029

20231203

20240219

20240707

20241023

v20121009

v20130911

v20131001

v20131003

v20131015

v20131016

v20131119

v20140130

v20140203

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42499.json"