CVE-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nats:nats_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nats:nats_streaming_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-10 17:47

Updated : 2024-02-28 19:09


NVD link : CVE-2022-26652

Mitre link : CVE-2022-26652

CVE.ORG link : CVE-2022-26652


JSON object : View

Products Affected

nats

  • nats_server
  • nats_streaming_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')