CVE-2022-35410
N/A
N/A
Summary
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://0xacab.org/jvoisin/mat2/-/issues/174
- https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
- https://dustri.org/b/mat2-0130.html
- https://www.debian.org/security/2022/dsa-5185
References
- https://0xacab.org/jvoisin/mat2/-/issues/174
- https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
- https://dustri.org/b/mat2-0130.html
- https://www.debian.org/security/2022/dsa-5185
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.