5 matches found
CVE-2023-41057
creationtimestamp| type| source ---|---|--- 2023-09-04 22:21:24+00:00| seen| https://t.me/cibsecurity/69806...
CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...
CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...
CVE-2023-41057
Hyper-bump-it contains a Path Traversal vulnerability due to not checking that the globbed files reside under the project root. The code joins project root with a config-supplied string to build the target path, which can cause edits to files outside the project. The issue is fixed in release v0....
CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...