SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
References
Link | Resource |
---|---|
https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934 | Patch |
https://jvn.jp/en/jp/JVN58721679/ | Third Party Advisory |
https://www.ss-proj.org/ | Product |
Configurations
History
17 Oct 2024, 17:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Ss-proj shirasagi
Ss-proj |
|
CPE | cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:* | |
References | () https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934 - Patch | |
References | () https://jvn.jp/en/jp/JVN58721679/ - Third Party Advisory | |
References | () https://www.ss-proj.org/ - Product |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 07:15
Updated : 2024-10-17 17:52
NVD link : CVE-2024-46898
Mitre link : CVE-2024-46898
CVE.ORG link : CVE-2024-46898
JSON object : View
Products Affected
ss-proj
- shirasagi
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')