Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jOXB3LWY0d3AtMjJqcs4AAwzo
SUKOHI Surpass Path Traversal vulnerability
A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 can address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOXB3LWY0d3AtMjJqcs4AAwzo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 6 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-c9pw-f4wp-22jr, CVE-2015-10030
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-10030
- https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7
- https://github.com/SUKOHI/Surpass/releases/tag/1.0.0
- https://vuldb.com/?ctiid.217642
- https://vuldb.com/?id.217642
- https://github.com/advisories/GHSA-c9pw-f4wp-22jr
Blast Radius: 4.5
Affected Packages
packagist:sukohi/surpass
Dependent packages: 0Dependent repositories: 7
Downloads: 3,747 total
Affected Version Ranges: < 1.0.0
Fixed in: 1.0.0
All affected versions:
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7