CVE-2022-23082

Summary

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

Affected Software

VendorProductVersion RangeStatus
WhiteSourceCureKitv1.0.1 < unspecifiedaffected
WhiteSourceCureKitunspecified <= v1.1.3affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References