Directory Traversal Vulnerability in Erlang/OTP by Erlang Solutions
CVE-2020-25623

7.5HIGH

Key Information:

Vendor

Erlang

Status
Erlang\/otp
Vendor
CVE Published:
2 October 2020

What is CVE-2020-25623?

Erlang/OTP versions 22.3.x prior to 22.3.4.6 and 23.x prior to 23.1 are susceptible to a Directory Traversal vulnerability. This issue arises when an attacker exploits the httpd component in the inets application to craft HTTP requests that can read arbitrary files on the server. Proper validation and sanitization of file paths are crucial to mitigate this vulnerability and prevent unauthorized file access.

References

https://www.erlang.org/news
x_refsource_MISC
https://www.erlang.org/downloads
x_refsource_CONFIRM
https://github.com/erlang/otp/releases/tag/OTP-23.1
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.