github.com/nats-io/nats-streaming is vulnerable to directory traversal. The vulnerability exists due to ZIP archive elements in the EnableJetStream function of the jetstream.go file, which allows a malicious user to traverse the file system.
www.openwall.com/lists/oss-security/2022/03/10/1
advisories.nats.io/CVE/CVE-2022-26652.txt
github.com/nats-io/nats-server/commit/b4128693ed61aa0c32179af07677bcf1d8301dcd#diff-d704882a8a30280a9ee661296ff652924b463d1463b7f4c0527e3905c0f56726L1108
github.com/nats-io/nats-server/pull/2917
github.com/nats-io/nats-server/releases
github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
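
The check that closes this class of bug, as an added example (not the NATS project's code or its patch): every archive entry name is resolved against the extraction directory and refused if it is absolute or lands outside that directory. The function names, the base directory /data/jetstream and the sample entry names are assumptions constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin maps an entry name to a path under base; absolute or escaping names fail.
func safeJoin(base, name string) (string, error) {
	root := filepath.Clean(base)
	target := filepath.Join(root, name) // Join cleans ".." segments
	inside := target == root || strings.HasPrefix(target, root+string(filepath.Separator))
	if filepath.IsAbs(name) || !inside {
		return "", fmt.Errorf("entry %q escapes %q", name, base)
	}
	return target, nil
}

// buildSample returns a constructed in-memory ZIP with the given entry names.
func buildSample(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		f, _ := w.Create(n)
		f.Write([]byte("x"))
	}
	w.Close()
	return buf.Bytes()
}

// refusedEntries lists entry names that must not be extracted under base.
func refusedEntries(data []byte, base string) (refused []string, err error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if r == nil { // Go may return a usable reader plus an insecure-path error
		return nil, err
	}
	for _, f := range r.File {
		if _, e := safeJoin(base, f.Name); e != nil {
			refused = append(refused, f.Name)
		}
	}
	return refused, nil
}

func main() {
	fmt.Println(refusedEntries(buildSample("msgs/1.blk", "../../outside.txt"), "/data/jetstream"))
}
```

The separator appended to the cleaned base in the prefix test is what stops a sibling directory such as /data/jetstream-old from passing as "inside" /data/jetstream.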