Path Traversal Vulnerability Affects HTTP Request Processing

CVE-2024-46898

7.5HIGH

Key Information

Vendor: Shirasagi Project
Status: Shirasagi
Vendor: CVE Published:; 15 October 2024

Summary

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.

Affected Version(s)

SHIRASAGI = prior to v1.19.1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 8.6 - (HIGH)
Oct 23, 2024
Risk change from: 7.5 to: 8.6 - (HIGH)
Oct 23, 2024
Risk change from: null to: 8.6 - (HIGH)
Oct 15, 2024
Vulnerability published.
Oct 15, 2024
Vulnerability Reserved.
Oct 4, 2024

Collectors

NVD DatabaseMitre Database

.