CVE-2020-4039
HIGH
fossasia/susi.ai < 2020-05-13 - Path Traversal and Arbitrary File Manipulation
Title source: llm
Description
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.
References (1)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/fossasia/susi_server/security/advisories/GHSA-wcm4-2jp5-q269
Scores
CVSS v3
8.6
EPSS
0.0137
EPSS Percentile
68.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-22
CWE-23
Status
published
Products (1)
fossasia/susi.ai
< 2020-05-13
Published
Apr 30, 2021
Tracked Since
Feb 18, 2026