Description
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal: the function isFileOutsideDir fails to sanitize user input, which may lead to path traversal.
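An added example, not CureKit's code and not taken from the linked commit: a directory-containment check of the kind isFileOutsideDir performs, shown in a weak prefix-matching form beside a hardened form. The page does not state the exact defect, so the weak form is an assumed illustration; the names ContainmentCheck, naiveIsOutside, canonical and isOutside and all sample paths are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ContainmentCheck {

    // Weak form (assumed illustration): raw string prefix test on unnormalized
    // input. It treats "<base>/../x" and the sibling "<base>-sibling" as inside.
    static boolean naiveIsOutside(String filePath, String baseDir) {
        return !filePath.startsWith(baseDir);
    }

    // Normalize, then resolve symlinks on the deepest ancestor that exists
    // (the target file itself may not exist yet).
    static Path canonical(Path p) throws IOException {
        Path abs = p.toAbsolutePath().normalize();
        Path existing = abs;
        while (existing != null && !Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (existing == null) {
            return abs;
        }
        return existing.toRealPath().resolve(existing.relativize(abs));
    }

    // Hardened form: Path.startsWith compares whole path components, so
    // "<base>-sibling" does not match "<base>".
    static boolean isOutside(String filePath, String baseDir) throws IOException {
        return !canonical(Paths.get(filePath)).startsWith(canonical(Paths.get(baseDir)));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs under a throwaway temp directory.
        String base = Files.createTempDirectory("base").toString();
        String[] samples = {
            base + File.separator + "report.txt",
            base + File.separator + ".." + File.separator + "other.txt",
            base + "-sibling" + File.separator + "x.txt",
        };
        for (String s : samples) {
            System.out.printf("%-60s naive=%b hardened=%b%n",
                    s, naiveIsOutside(s, base), isOutside(s, base));
        }
    }
}
```

The weak form reports all three samples as inside the base directory; the hardened form reports only the first as inside.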
Remediation
References
https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6
https://www.mend.io/vulnerability-database/CVE-2022-23082