Vulnerability Description
ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024.
Related Weaknesses (CWE)
References
- https://github.com/ZOO-Project/ZOO-Project/commit/641cb18fec58de43a3468f314e5f88
- https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-93rv-45r8-h5
FAQ
What is CVE-2024-53982?
CVE-2024-53982 is a documented vulnerability. ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs i...
How severe is CVE-2024-53982?
CVSS scoring is not yet available for CVE-2024-53982. Check NVD for updates.
Is there a patch for CVE-2024-53982?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.