CVE-2022-23620: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

February 9, 2022 (updated February 10, 2022)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. it is possible to for the HTML export process to contain reference elements containing filesystem syntax like “../”, “./”. or “/” in general. The referenced elements are not properly escaped. This issue has been resolved . This issue can be worked around by limiting or disabling document export.

References

github.com/advisories/GHSA-7ph6-5cmq-xgjq
github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5
github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq
jira.xwiki.org/browse/XWIKI-18819

Code Behaviors & Features

Detect and mitigate CVE-2022-23620 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →