Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwOGctZjl2Zy1yN3hy

Directory Traversal vulnerability in Square Retrofit

Square Retrofit versions from (including) 2.0 to 2.5.0 (excluding) contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an encoded path parameter on POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later.

Permalink: https://github.com/advisories/GHSA-8p8g-f9vg-r7xr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwOGctZjl2Zy1yN3hy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 6 years ago
Updated: almost 2 years ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-8p8g-f9vg-r7xr, CVE-2018-1000850
References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-1000850
• https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982
• https://access.redhat.com/errata/RHSA-2019:3892
• https://github.com/advisories/GHSA-8p8g-f9vg-r7xr
• https://github.com/square/retrofit/blob/master/CHANGELOG.md
• https://ihacktoprotect.com/post/retrofit-path-traversal/
• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

Repository: https://github.com/square/retrofit
Blast Radius: 37.7

Affected Packages