Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-4FA7C462D0CDE8740B393341FF758B55Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.6%
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
| CPE | Name | Operator | Version |
|---|---|---|---|
| maven/ca.uhn.hapi.fhir/org.hl7.fhir.r5 | lt | 5.6.92 |
References
github.com/advisories/GHSA-jqh6-9574-5x22
github.com/hapifhir/org.hl7.fhir.core/commit/b50aec59124416b7315a49220cfc3999223414cc
github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-jqh6-9574-5x22
github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg
nvd.nist.gov/vuln/detail/CVE-2023-24057
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.6%