Lucene search
VulnCheckCVE-2024-22050HistoryJan 04, 2024 - 9:15 p.m.
CVE-2024-22050
2024-01-0421:15:10
CWE-22
VulnCheck
web.nvd.nist.gov
16
cve-2024-22050
path traversal
iodine
security vulnerability
file service
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
41.1%
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
Affected configurations
Node
boazsegeviodineRange≤0.7.33ruby
CNA Affected
[
{
"collectionURL": "https://rubygems.org",
"defaultStatus": "unaffected",
"packageName": "iodine",
"versions": [
{
"lessThan": "0.7.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
CVE-2024-22050
2024-01-04 21:15:10
rubygems
rubygems
veracode
veracode
Path Traversal
2024-01-08 06:51:08
prion
prion
Path traversal
2024-01-04 21:15:00
nvd
nvd
CVE-2024-22050
2024-01-04 21:15:10
github
github
cvelist
cvelist
CVE-2024-22050 Iodine Static File Server Path Traversal Vulnerability
2024-01-04 20:24:58
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
41.1%
Related for CVE-2024-22050