CVE-2022-23082

HIGH

Mend CureKit < 1.1.3 - Path Traversal

Title source: rule

Description

CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/whitesource__curekit_CVE-2022-23082_1-1-3

Scores

CVSS v3 7.5
EPSS 0.0049
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
io.whitesource/curekit 1.0.1 - 1.1.4 (Maven)
mend/curekit 1.0.1 - 1.1.3
Published May 31, 2022
Tracked Since Feb 18, 2026