CVE-2022-48253

2023-01-1100:00:00

mitre

www.cve.org

nostromo

nhttpd

path traversal

remote server

arbitrary commands

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

62.7%

JSON

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.

References

nazgul.ch/dev/nostromo_cl.txt

www.soteritsecurity.com/blog/2023/01/nostromo_from_directory_traversal_to_RCE.html