Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal

GHSA-qwf7-rv77-fcr3

Published Jan 4, 2024 · Modified Dec 7, 2024

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-85rf-xh54-whp3. This link is maintained to preserve external references.

Original Description

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

References

WEB https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-22050
WEB https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889
ADVISORY https://github.com/advisories/GHSA-85rf-xh54-whp3
WEB https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes