CVE-2024-22050

high

Description

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

References

https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3

https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3

https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889

https://github.com/advisories/GHSA-85rf-xh54-whp3

Details

Source: Mitre, NVD

Published: 2024-01-04

Updated: 2024-01-10

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N