CVE-2022-48476

Path Traversal: '.../...//' (CWE-35)

Published: Apr 24, 2023 / Updated: 19mo ago

010
CVSS 7.5EPSS 0.09%High
CVE info copied to clipboard

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-48476. See article

Apr 24, 2023 at 1:35 PM / infosec.exchange
EPSS

EPSS Score was set to: 0.09% (Percentile: 37.5%)

Sep 17, 2023 at 1:22 PM
Static CVE Timeline Graph

Affected Systems

Jetbrains/ktor
+null more

Patches

www.jetbrains.com
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

References

Path traversal in JetBrains Ktor
Classification: Important, Solution: Update, Exploit: Unknown In JetBrains Ktor before 2.3.0 path traversal in the resolveResource method was possible CVE: CVE-2022-48476 CVSS: 7.5

News

Vulnerability Summary for the Week of April 24, 2023 | CISA
wordpress — wordpress A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231. 2023-04-24 not yet calculated CVE-2012-10013 MISC MISC MISC MISC wordpress — wordpress A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress.
Path traversal in JetBrains Ktor
Classification: Important, Solution: Update, Exploit: Unknown In JetBrains Ktor before 2.3.0 path traversal in the resolveResource method was possible CVE: CVE-2022-48476 CVSS: 7.5
CVE-2022-48476
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible (CVSS:0.0) (Last Update:2023-04-24)
CVE-2022-48476
- CVSS Scores & Vulnerability Types If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores.
NA - CVE-2022-48476 - In JetBrains Ktor before 2.3.0 path traversal...
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI