CVE-2015-10030: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

January 8, 2023 (updated January 12, 2023)

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.

References

github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7
github.com/SUKOHI/Surpass/releases/tag/1.0.0
github.com/advisories/GHSA-c9pw-f4wp-22jr
nvd.nist.gov/vuln/detail/CVE-2015-10030
vuldb.com/?ctiid.217642
vuldb.com/?id.217642

Code Behaviors & Features

Detect and mitigate CVE-2015-10030 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →