CVE-2023-29380
https://notcve.org/view.php?id=CVE-2023-29380
Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. • https://github.com/linuxmint/warpinator/compare/1.4.5...1.6.0 https://www.openwall.com/lists/oss-security/2023/04/26/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-42725
https://notcve.org/view.php?id=CVE-2022-42725
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. Warpinator versiones hasta 1.2.14, permite un acceso fuera de un directorio previsto, como lo demuestran los enlaces simbólicos de directorio • http://www.openwall.com/lists/oss-security/2022/10/24/1 http://www.openwall.com/lists/oss-security/2023/04/26/1 https://github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc https://github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94 https://github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2 https://github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •