QwikSec

Security Database

CVE

CWE

Training

CVE-2024-53982

Published: Dec 4, 2024

Modified: Dec 5, 2024

PUBLISHED

Description

ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024.

Vendor	Product	Versions
ZOO-Project	ZOO-Project	affected `< 641cb18fec58de43a3468f314e5f8808c560e6d9`

Weaknesses (CWE)

References

https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-93rv-45r8-h5j4

x_refsource_CONFIRM

https://github.com/ZOO-Project/ZOO-Project/commit/641cb18fec58de43a3468f314e5f8808c560e6d9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.