
CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-074. • https://github.com/dzikoysk/reposilite/releases/tag/3.5.12 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, the JavadocEndpoints.kt controller expands the javadoc archive into the server's file system and returns its content. The problem is in the way the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../.. • https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa https://github.com/dzikoysk/reposilite/releases/tag/3.5.12 https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view an artifact's content in the browser, as well as perform administrative tasks via the API. The problem lies in the fact that the artifact's content is served via the same origin (protocol/host/port) as the Admin UI. If the artifact contains HTML content with JavaScript inside, the JavaScript is executed within the same origin. Therefore, if an authenticated user is viewing the artifact's content, the JavaScript inside can access the browser's local storage where the user's password (aka 'token-secret') is stored. • https://github.com/dzikoysk/reposilite/commit/279a472015ec675c1da449d902dc82e4dd578484 https://github.com/dzikoysk/reposilite/commit/d11609f427aba255e0f6f54b1105d5d20ab043cf https://github.com/dzikoysk/reposilite/releases/tag/3.5.12 https://github.com/dzikoysk/reposilite/security/advisories/GHSA-9w8w-34vr-65j2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')