Description
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input.
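A containment check of the kind this advisory concerns, written as an added example; it is not CureKit's code or the project's fix. The class and method names, the sample paths, and the string-prefix pattern shown as the weak variant are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; class and method names are hypothetical, not CureKit's API.
public class ContainmentCheckDemo {

    // Weak pattern (assumed for illustration): a raw string comparison.
    // It never resolves ".." segments, and it treats a sibling directory
    // such as "/srv/app/uploads-old" as if it were inside "/srv/app/uploads".
    static boolean isOutsideStringPrefix(String filePath, String baseDir) {
        return !filePath.startsWith(baseDir);
    }

    // Hardened check: make both paths absolute, collapse "." and "..",
    // then compare whole path elements with Path.startsWith.
    // Symbolic links are not followed here; for files that already exist,
    // Path.toRealPath() can be applied before comparing.
    static boolean isOutside(String filePath, String baseDir) {
        Path base = Paths.get(baseDir).toAbsolutePath().normalize();
        // resolve() returns filePath unchanged when it is already absolute
        Path target = base.resolve(filePath).toAbsolutePath().normalize();
        return !target.startsWith(base);
    }

    public static void main(String[] args) {
        String base = "/srv/app/uploads"; // constructed sample base directory
        String[] samples = {              // constructed sample inputs
            "/srv/app/uploads/report.txt",
            "/srv/app/uploads/../../../etc/passwd",
            "/srv/app/uploads-old/x.txt",
            "nested/./file.bin",
            "../config/secrets.yml"
        };
        System.out.printf("%-40s %-14s %s%n", "path", "string-prefix", "normalized");
        for (String s : samples) {
            System.out.printf("%-40s %-14s %s%n", s,
                isOutsideStringPrefix(s, base) ? "outside" : "inside",
                isOutside(s, base) ? "outside" : "inside");
        }
    }
}
```

Rows where the two columns disagree are inputs the string comparison misclassifies; the normalized check is the one to rely on when deciding whether to open or write a file.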
Remediation
References
https://www.mend.io/vulnerability-database/CVE-2022-23082
https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6
Related Vulnerabilities
CVE-2018-1261 Vulnerability in maven package org.springframework.integration:spring-integration-zip
CVE-2023-46244 Vulnerability in maven package org.xwiki.platform:xwiki-platform-display-api
CVE-2023-31007 Vulnerability in maven package org.apache.pulsar:pulsar-broker
CVE-2023-33779 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-36437 Vulnerability in maven package com.hazelcast:hazelcast-enterprise