Lucene search
HistoryJan 04, 2024 - 9:15 p.m.
CVE-2024-22050
cve-2024-22050
path traversal
iodine
security vulnerability
file service
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.3%
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
Affected configurations
Node
boazsegeviodineRange≤0.7.33ruby
| CPE | Name | Operator | Version |
|---|---|---|---|
| boazsegev:iodine | boazsegev iodine | le | 0.7.33 |
CNA Affected
[
{
"collectionURL": "https://rubygems.org",
"defaultStatus": "unaffected",
"packageName": "iodine",
"versions": [
{
"lessThan": "0.7.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Path traversal
2024-01-04 21:15:00
nvd
nvd
CVE-2024-22050
2024-01-04 21:15:10
veracode
veracode
Path Traversal
2024-01-08 06:51:08
github
github
osv
osv
Malicious URL drafting attack against iodines static file server may allow path traversal
2019-10-07 16:52:13
CVE-2024-22050
2024-01-04 21:15:10
cvelist
cvelist
CVE-2024-22050 Iodine Static File Server Path Traversal Vulnerability
2024-01-04 20:24:58
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.3%
Related for CVE-2024-22050