Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1ocnJtLTg5NWgteGgzNM4AAvLR

High CVSS: 8.7 EPSS: 0.00803% (0.73259 Percentile) EPSS:
Permalink JSON

rdiffweb Path Traversal vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:rdiffweb
PURL: pkg:pypi/rdiffweb
< 2.4.10 2.4.10
0 Dependent packages
3 Dependent repositories
2,060 Downloads last month

Affected Version Ranges

All affected versions

0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9

All unaffected versions

2.4.10, 2.4.11, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.7, 2.10.4, 2.10.5

rdiffweb prior to 2.4.10 is vulnerable to Path Traversal. Version 2.4.10 contains a patch.

References:

Identifiers

GHSA-hrrm-895h-xh34

CVE-2022-3389

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00803

EPSS Percentile: 0.73259

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ikus060/rdiffweb

Date and time

Published

almost 3 years ago

Updated

10 months ago

API

JSON