GHSA-4p75-5p53-65m9

Source

https://github.com/advisories/GHSA-4p75-5p53-65m9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-4p75-5p53-65m9/GHSA-4p75-5p53-65m9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4p75-5p53-65m9

Aliases

CVE-2024-45604

Published

2024-09-17T14:58:45Z

Modified

2024-09-17T22:33:01.704508Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Contao affected by directory traversal in the file selector widget

Details

Impact

Back end users can list files outside their file mounts or the document root in the FileSelector widget.

Patches

Update to Contao 4.13.49.

Workarounds

None.

References

https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget

For more information

If you have any questions or comments about this advisory, open an issue in contao/contao.

Credits

Thanks to Jakob Steeg from usd AG for reporting this vulnerability.

References

Affected packages

Packagist / contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.13.49

Affected versions

4.*

4.0.0-beta1

4.0.0-RC1

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0-beta1

4.1.0-RC1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0-beta1

4.2.0-RC1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0-RC1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.4.0-beta1

4.4.0-RC1

4.4.0-RC2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.4.9

4.4.10

4.4.11

4.4.12

4.4.13

4.4.14

4.4.15

4.4.16

4.4.17

4.4.18

4.4.19

4.4.20

4.4.21

4.4.22

4.4.23

4.4.24

4.4.25

4.4.26

4.4.27

4.4.28

4.4.29

4.4.30

4.4.31

4.4.32

4.4.33

4.4.34

4.4.35

4.4.36

4.4.37

4.4.38

4.4.39

4.4.40

4.4.41

4.4.42

4.4.43

4.4.44

4.4.45

4.4.46

4.4.47

4.4.48

4.4.49

4.4.50

4.4.51

4.4.52

4.4.53

4.4.54

4.4.55

4.4.56

4.4.57

4.5.0-beta1

4.5.0-beta2

4.5.0-beta3

4.5.0-RC1

4.5.0-RC2

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.5.10

4.5.11

4.5.12

4.5.13

4.5.14

4.6.0-RC1

4.6.0-RC2

4.6.0-RC3

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.9

4.6.10

4.6.11

4.6.12

4.6.13

4.6.14

4.7.0-RC1

4.7.0-RC2

4.7.0-RC3

4.7.0-RC4

4.7.0

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.8.0-RC1

4.8.0-RC2

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.8.8

4.9.0-RC1

4.9.0-RC2

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.9.5

4.9.6

4.9.7

4.9.8

4.9.9

4.9.10

4.9.11

4.9.12

4.9.13

4.9.14

4.9.15

4.9.16

4.9.17

4.9.18

4.9.19

4.9.20

4.9.21

4.9.22

4.9.23

4.9.24

4.9.25

4.9.26

4.9.27

4.9.28

4.9.29

4.9.30

4.9.31

4.9.32

4.9.33

4.9.34

4.9.35

4.9.36

4.9.37

4.9.38

4.9.39

4.9.40

4.9.41

4.9.42

4.10.0-RC1

4.10.0-RC2

4.10.0-RC3

4.10.0-RC4

4.10.0

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.11.0-RC1

4.11.0-RC2

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.12.0-RC1

4.12.0-RC2

4.12.0-RC3

4.12.0

4.12.1

4.12.2

4.12.3

4.12.4

4.12.5

4.12.6

4.12.7

4.13.0-RC1

4.13.0-RC2

4.13.0-RC3

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.13.10

4.13.11

4.13.12

4.13.13

4.13.14

4.13.15

4.13.16

4.13.17

4.13.18

4.13.19

4.13.20

4.13.21

4.13.22

4.13.23

4.13.24

4.13.25

4.13.26

4.13.27

4.13.28

4.13.29

4.13.30

4.13.31

4.13.32

4.13.33

4.13.34

4.13.35

4.13.36

4.13.37

4.13.38

4.13.39

4.13.40

4.13.41

4.13.42

4.13.43

4.13.44

4.13.45

4.13.46

4.13.47

4.13.48