Path Traversal Vulnerability Affects HTTP Request Processing
CVE-2024-46898

7.5HIGH

Key Information:

Vendor: Shirasagi Project
Status: Shirasagi
Vendor: CVE Published:; 15 October 2024

Summary

The SHIRASAGI web application framework prior to version 1.19.1 contains a significant path traversal vulnerability. This vulnerability arises from improper processing of URLs in HTTP requests, allowing an attacker to craft specific requests that can lead to the retrieval of arbitrary files stored on the server. Successful exploitation of this vulnerability could compromise sensitive information and alter the security posture of affected installations.

Affected Version(s)

SHIRASAGI prior to v1.19.1

References

https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4...

https://www.ss-proj.org/

https://jvn.jp/en/jp/JVN58721679/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 4, 2024

Collectors

NVD DatabaseMitre Database