CVE-2022-23082: Relative Path Traversal

May 31, 2022 (updated June 10, 2022)

In CureKit versions v1.0.1 through v1.1.3 is vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

References

github.com/advisories/GHSA-m9vj-44f3-78xw
github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6
nvd.nist.gov/vuln/detail/CVE-2022-23082
www.mend.io/vulnerability-database/CVE-2022-23082

Code Behaviors & Features

Detect and mitigate CVE-2022-23082 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →