Vulnerability Details CVE-2022-35410
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
- https://0xacab.org/jvoisin/mat2/-/issues/174
- https://dustri.org/b/mat2-0130.html
- https://www.debian.org/security/2022/dsa-5185
- https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
- https://0xacab.org/jvoisin/mat2/-/issues/174
- https://dustri.org/b/mat2-0130.html
- https://www.debian.org/security/2022/dsa-5185
Products affected by CVE-2022-35410
-
cpe:2.3:a:0xacab:mat2:-
-
cpe:2.3:a:0xacab:mat2:0.1.0
-
cpe:2.3:a:0xacab:mat2:0.1.1
-
cpe:2.3:a:0xacab:mat2:0.1.2
-
cpe:2.3:a:0xacab:mat2:0.1.3
-
cpe:2.3:a:0xacab:mat2:0.10.0
-
cpe:2.3:a:0xacab:mat2:0.10.1
-
cpe:2.3:a:0xacab:mat2:0.11.0
-
cpe:2.3:a:0xacab:mat2:0.12.0
-
cpe:2.3:a:0xacab:mat2:0.12.1
-
cpe:2.3:a:0xacab:mat2:0.12.2
-
cpe:2.3:a:0xacab:mat2:0.12.3
-
cpe:2.3:a:0xacab:mat2:0.12.4
-
cpe:2.3:a:0xacab:mat2:0.2.0
-
cpe:2.3:a:0xacab:mat2:0.3.0
-
cpe:2.3:a:0xacab:mat2:0.3.1
-
cpe:2.3:a:0xacab:mat2:0.4.0
-
cpe:2.3:a:0xacab:mat2:0.5.0
-
cpe:2.3:a:0xacab:mat2:0.6.0
-
cpe:2.3:a:0xacab:mat2:0.7.0
-
cpe:2.3:a:0xacab:mat2:0.8.0
-
cpe:2.3:a:0xacab:mat2:0.9.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0