CVE-2022-24718
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Summary
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time, there is a patch in version 0.1.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Finastra | ssr-pages | < 0.1.4 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.