CVE-2022-25591: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

May 13, 2022 (updated May 23, 2022)

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.

References

blogengine.io/
nvd.nist.gov/vuln/detail/CVE-2022-25591
www.0xlanks.me/blog/cve-2022-25591-advisory/

Code Behaviors & Features

Detect and mitigate CVE-2022-25591 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →