Vulnerability Description
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kpherox | Pleroma | - |
Related Weaknesses (CWE)
References
- https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40Patch
- https://github.com/kphrx/pleroma/pull/197PatchVendor Advisory
- https://vuldb.com/?ctiid.242187Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.242187Third Party Advisory
- https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40Patch
- https://github.com/kphrx/pleroma/pull/197PatchVendor Advisory
- https://vuldb.com/?ctiid.242187Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.242187Third Party Advisory
FAQ
What is CVE-2023-5588?
CVE-2023-5588 is a vulnerability with a CVSS score of 2.6 (LOW). A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument ...
How severe is CVE-2023-5588?
CVE-2023-5588 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5588?
Check the references section above for vendor advisories and patch information. Affected products include: Kpherox Pleroma.