Vulnerability Description
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Awful-Salmonella-Tar Project | Awful-Salmonella-Tar | < 0.0.4 |
Related Weaknesses (CWE)
References
- https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745PatchThird Party Advisory
- https://wiki.call-cc.org/eggref/5/awful-salmonella-tarProductThird Party Advisory
- https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745PatchThird Party Advisory
- https://wiki.call-cc.org/eggref/5/awful-salmonella-tarProductThird Party Advisory
FAQ
What is CVE-2022-25358?
CVE-2022-25358 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme pr...
How severe is CVE-2022-25358?
CVE-2022-25358 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25358?
Check the references section above for vendor advisories and patch information. Affected products include: Awful-Salmonella-Tar Project Awful-Salmonella-Tar.