CVE-2022-25358
MEDIUM
awful-salmonella-tar < 0.0.4 - Path Traversal via Directory Listing
Title source: llm
Description
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/mario-goulart/awful-salmonella-tar/commit/f705c881769b7610745cd4b4d8ae8b41b3f4f845
Product, Third Party Advisory x_refsource_misc
https://wiki.call-cc.org/eggref/5/awful-salmonella-tar
Scores
CVSS v3
5.3
EPSS
0.0113
EPSS Percentile
62.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
awful-salmonella-tar_project/awful-salmonella-tar
< 0.0.4
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026