CVE-2022-23082

HIGH

CureKit 1.0.1-1.1.3 - Path Traversal via isFileOutsideDir Input Sanitization Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-23082. PoCs published by shoucheng3.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2022-23082, which involves insecure deserialization in the WhiteSource CureKit library. The exploit demonstrates how malicious input can bypass sanitization and execute arbitrary code during deserialization.

Description

CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/whitesource__curekit_CVE-2022-23082_1-1-3

Classification: Working PoC 90%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: WhiteSource CureKit 1.1.0
No auth needed
Prerequisites: Access to a system using the vulnerable CureKit library · Ability to craft malicious serialized input
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0035
EPSS Percentile 58.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (2)
io.whitesource/curekit 1.0.1 - 1.1.4 (Maven)
mend/curekit 1.0.1 - 1.1.3
Published May 31, 2022
Tracked Since Feb 18, 2026