HIGH🇬🇧 English

CVE-2018-1000850

CVSS 7.5v3.0pub. 2018-12-20upd. 2024-11-21

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Squareup Retrofit

    APP
    Squareup
    2.0.0 – 2.5.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2018-1000844CRITICAL9.1ten sam produkt

Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...

CVE-2015-8969CRITICAL9.8ten sam vendor

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...

CVE-2015-8968HIGH8.8ten sam vendor

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can inst...

CVE-2023-0833MEDIUM4.7ten sam vendor

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...

CVE-2023-3782MEDIUM5.9ten sam vendor

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an atta...