CVE-2018-1000850

HIGH

Square Retrofit <2.5.0 - Path Traversal

Title source: llm

Description

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.

Exploits (1)

nomisec STUB

by shoucheng3 · poc

https://github.com/shoucheng3/square__retrofit_CVE-2018-1000850_2-4-0

View Code ZIP pw:eip

References (7)

[Release Notes, Third Party Advisory] https://github.com/square/retrofit/blob/master/CHANGELOG.md

[Patch, Third Party Advisory] https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982

[Exploit, Third Party Advisory] https://ihacktoprotect.com/post/retrofit-path-traversal/

[Mailing List] https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:3892

[Mailing List] https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Scores

CVSS v3 7.5

EPSS 0.0306

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-22

Status published

Products (2)

com.squareup.retrofit2/retrofit 2.0.0 - 2.5.0Maven

squareup/retrofit 2.0.0 - 2.5.0

Published Dec 20, 2018

Tracked Since Feb 18, 2026