CVE-2022-25298

2022-02-1813:15:08

Google

osv.dev

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.

CPENameOperatorVersion
webcceq0.2.0
webcceqasync_api_v1
webcceqclient_api_v1

Name	Operator	Version
webcc	eq	0.2.0
webcc	eq	async_api_v1
webcc	eq	client_api_v1

References

github.com/sprinfall/webcc/commit/55a45fd5039061d5cc62e9f1b9d1f7e97a15143f

snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182