Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xMjk3LTVmZjgtaGM5Ms4ABBYN
FitNesse Path Traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions.
Permalink: https://github.com/advisories/GHSA-q297-5ff8-hc92JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMjk3LTVmZjgtaGM5Ms4ABBYN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 days ago
Updated: 2 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-q297-5ff8-hc92, CVE-2024-42499
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-42499
- https://fitnesse.org/FitNesseDownload
- https://github.com/unclebob/fitnesse/releases/tag/20241026
- https://jvn.jp/en/jp/JVN36791327
- https://github.com/unclebob/fitnesse/commit/850c599e5177d6f877af063374086f3e36b4b956
- https://github.com/advisories/GHSA-q297-5ff8-hc92
Blast Radius: 14.5
Affected Packages
maven:org.fitnesse:fitnesse
Dependent packages: 82Dependent repositories: 552
Downloads:
Affected Version Ranges: < 20241026
Fixed in: 20241026
All affected versions:
All unaffected versions: