CVE-2024-22050

Sažetak

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

Reference

https://github.com/advisories/GHSA-85rf-xh54-whp3
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3
https://github.com/advisories/GHSA-85rf-xh54-whp3
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

29-11-2025 - 02:15

Objavljeno

04-01-2024 - 21:15