Lucene search

Veracode Vulnerability DatabaseVERACODE:44981

HistoryJan 08, 2024 - 6:51 a.m.

Path Traversal

2024-01-0806:51:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

iodine

path traversal

vulnerability

static file server

improper validation

url

exploit

attacker

read files

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.3%

JSON

iodine is vulnerable to Path Traversal . The vulnerability is due to improper validation or URL’s allowrf to manipulate the static file server. This issue can be exploited by an attacker to read files outside the public folder via a malicious URL.

CPENameOperatorVersion
iodinele0.7.33
iodinele0.7.33

CPE	Name	Operator	Version
	iodine	le	0.7.33
	iodine	le	0.7.33

References

github.com/advisories/GHSA-85rf-xh54-whp3

github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889

github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3

vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for VERACODE:44981