CVE Vulnerability

CVE-2022-25358

A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wiki.call-cc.org/eggref/5/awful-salmonella-tar Product Third Party Advisory
https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745cd4b4d8ae8b41b3f4f845 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:awful-salmonella-tar_project:awful-salmonella-tar:*:*:*:*:*:*:*:*
Information

Published : 2022-02-18 10:15

Updated : 2022-03-01 07:07

NVD link : CVE-2022-25358

Mitre link : CVE-2022-25358

Products Affected
No products.
CWE
CWE-22