Vulnerability Description
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mend | Curekit | >= 1.0.1, <= 1.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cdPatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-23082Vendor Advisory
- https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cdPatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-23082Vendor Advisory
FAQ
What is CVE-2022-23082?
CVE-2022-23082 is a vulnerability with a CVSS score of 7.5 (HIGH). In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
How severe is CVE-2022-23082?
CVE-2022-23082 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23082?
Check the references section above for vendor advisories and patch information. Affected products include: Mend Curekit.