Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NmN4LXFnMnEtcnZxOM0vhg
Path Traversal in @finastra/ssr-pages
A path traversal issue can occur when providing untrusted input to the svg
property as an argument to the build(MessagePageOptions)
function.
References
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NmN4LXFnMnEtcnZxOM0vhg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 7.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Identifiers: GHSA-w6cx-qg2q-rvq8, CVE-2022-24718
References:
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
- https://nvd.nist.gov/vuln/detail/CVE-2022-24718
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
- https://github.com/advisories/GHSA-w6cx-qg2q-rvq8
Blast Radius: 5.9
Affected Packages
npm:@finastra/ssr-pages
Dependent packages: 5Dependent repositories: 6
Downloads: 33 last month
Affected Version Ranges: < 0.1.4
Fixed in: 0.1.4
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3
All unaffected versions: 0.1.4, 0.1.5, 0.1.6