Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Advisories: GSA_kwCzR0hTQS14cDNnLTI3MjktcnhtM84AAw_b
Froxlor is vulnerable to path traversal
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
Permalink: https://github.com/advisories/GHSA-xp3g-2729-rxm3Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 13 days ago
Updated: 5 days ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-xp3g-2729-rxm3, CVE-2023-0316
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-0316
- https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e
- https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244
- https://github.com/advisories/GHSA-xp3g-2729-rxm3
Affected Packages
packagist:froxlor/froxlor
Versions: < 2.0.0Fixed in: 2.0.0