Vulnerability Details CVE-2022-25358
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745cd4b4d8ae8b41b3f4f845
- https://wiki.call-cc.org/eggref/5/awful-salmonella-tar
- https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745cd4b4d8ae8b41b3f4f845
- https://wiki.call-cc.org/eggref/5/awful-salmonella-tar
Products affected by CVE-2022-25358
-
cpe:2.3:a:awful-salmonella-tar_project:awful-salmonella-tar:0.0.2
-
cpe:2.3:a:awful-salmonella-tar_project:awful-salmonella-tar:0.0.3