
We found results for “”
WS-2022-0243
Date: August 19, 2025
The package tower-http is vulnerable to file disclosure due to improper validation of Windows paths, which may lead to path traversal. An attacker can access arbitrary files in the server. versions 0.1.3 and 0.2.1 contain a patch for this issue.
Language: RUST
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |