Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jZzI0LWpqcjUtcnhtZs4AA6Hh
Path traversal in flaskcode Devan-Kerman ARRP
Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.
Permalink: https://github.com/advisories/GHSA-cg24-jjr5-rxmfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZzI0LWpqcjUtcnhtZs4AA6Hh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 9 months ago
Updated: 8 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-cg24-jjr5-rxmf, CVE-2024-24042
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24042
- https://github.com/Devan-Kerman/ARRP/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b
- https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
- https://github.com/advisories/GHSA-cg24-jjr5-rxmf
Blast Radius: 1.0
Affected Packages
maven:net.devtech:arrp
Affected Version Ranges: <= 0.8.1Fixed in: 0.8.2