We found results for “”
WS-2022-0278
Good to know:
Date: August 17, 2022
A path traversal vulnerability exists within unjs/unstorage when using the file system storage driver. This vulnerability can be exploited when the user has control over the key name. By creating key names containing sequences of ../ or ..: we can navigate the file system. We are able to use : as a substitute to / due to this line.
Language: TYPE_SCRIPT
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-96Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |