GHSA-3jhm-87m6-x959
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3jhm-87m6-x959
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-3jhm-87m6-x959/GHSA-3jhm-87m6-x959.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-3jhm-87m6-x959
- Aliases
- Related
- Published
- 2022-06-25T07:12:08Z
- Modified
- 2025-01-08T08:27:22.744515Z
- Summary
- Path traversal mitigation bypass in OctoRPKI
- Details
-
Impact
The existing URI path filters in OctoRPKI (version < 1.4.3) mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder.
Specific Go Packages Affected
github.com/cloudflare/cfrpki/cmd/octorpki
Patches
The issue was fixed in version 1.4.3
References
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "nvd_published_at": null, "github_reviewed_at": "2022-06-25T07:12:08Z", "cwe_ids": [ "CWE-22" ] }- References
Affected packages
Go / github.com/cloudflare/cfrpki
Package
- Name
- github.com/cloudflare/cfrpki
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cloudflare/cfrpki