CVE-2023-0591

🗓️ 31 Jan 2023 09:18:07Reported by ONEKEYType

UBIReader vulnerability allows path traversal to overwrite files outside extraction directory

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-0591	31 Jan 202312:38	–	circl
CNNVD	UBI Reader 路径遍历漏洞	31 Jan 202300:00	–	cnnvd
Cvelist	CVE-2023-0591 Path Traversal in ubi_reader	31 Jan 202309:18	–	cvelist
EUVD	EUVD-2023-0251	3 Oct 202520:07	–	euvd
Github Security Blog	Path traversal in ubi-reader	31 Jan 202312:30	–	github
NVD	CVE-2023-0591	31 Jan 202310:15	–	nvd
OSV	GHSA-VP2X-3MC3-3CJ4 Path traversal in ubi-reader	31 Jan 202312:30	–	osv
OSV	PYSEC-2023-51	31 Jan 202310:15	–	osv
Prion	Path traversal	31 Jan 202310:15	–	prion
Positive Technologies	PT-2023-16388 · Unknown · Ubi Reader	31 Jan 202300:00	–	ptsecurity

NVD

Node

ubi_reader_project ubi_readerRange<0.8.5

[
  {
    "collectionURL": "https://pypi.org/project/ubi-reader/",
    "defaultStatus": "unaffected",
    "modules": [
      "ubireader_extract_files"
    ],
    "packageName": "ubi-reader",
    "product": "ubi_reader",
    "repo": "https://github.com/jrspruitt/ubi_reader",
    "vendor": " jrspruitt",
    "versions": [
      {
        "lessThan": "0.8.5",
        "status": "affected",
        "version": "0",
        "versionType": "0.8.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/jrspruitt/ubi_reader/pull/57
onekey	www.onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/

21 Nov 2024 07:37Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.5

EPSS0.00298

SSVC

CWE-22