CVE-2022-48476: Path Traversal
First published: Mon Apr 24 2023(Updated: )
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
Credit: security@jetbrains.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JetBrains Ktor | <2.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-48476?
The severity of CVE-2022-48476 is high with a severity value of 7.5.
How does path traversal in the `resolveResource` method affect JetBrains Ktor before 2.3.0?
Path traversal in the `resolveResource` method allows an attacker to access files outside of the intended directory, potentially leading to unauthorized access or data leakage.
How can I fix the path traversal vulnerability in JetBrains Ktor before 2.3.0?
Update JetBrains Ktor to version 2.3.0 or above to fix the path traversal vulnerability.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-48476?
The Common Weakness Enumeration (CWE) IDs for CVE-2022-48476 are CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-35 (Path Traversal).
Where can I find more information about the fix for CVE-2022-48476?
More information about the fix for CVE-2022-48476 can be found at the following URL: https://www.jetbrains.com/privacy-security/issues-fixed/
- collector/nvd-index
- vendor/jetbrains
- canonical/jetbrains ktor