CVE-2024-36117

Published: Jun 19, 2024

Modified: Nov 4, 2024

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.

Vendor	Product	Versions
dzikoysk	reposilite	affected `>= 3.3.0, < 3.5.12`

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://github.com/dzikoysk/reposilite/releases/tag/3.5.12

x_refsource_CONFIRM

https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93

x_refsource_MISC

https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-36117

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References