CVE-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.

Configurations

Configuration 1

OR cpe:2.3:a:nats:nats_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nats:nats_streaming_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type | Values Removed | Values Added
References | () http://www.openwall.com/lists/oss-security/2022/03/10/1 - Mailing List, Third Party Advisory | () http://www.openwall.com/lists/oss-security/2022/03/10/1 - Mailing List, Third Party Advisory
References | () https://advisories.nats.io/CVE/CVE-2022-26652.txt - Vendor Advisory | () https://advisories.nats.io/CVE/CVE-2022-26652.txt - Vendor Advisory
References | () https://github.com/nats-io/nats-server/releases - Release Notes, Third Party Advisory | () https://github.com/nats-io/nats-server/releases - Release Notes, Third Party Advisory
References | () https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68 - Third Party Advisory | () https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68 - Third Party Advisory

Information

Published : 2022-03-10 17:47

Updated : 2024-11-21 06:54


NVD link : CVE-2022-26652

Mitre link : CVE-2022-26652

CVE.ORG link : CVE-2022-26652
Products Affected

nats

  • nats_streaming_server
  • nats_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')