← volver
CVE-2025-11842

Shazwazza Smidge Bundle path traversal

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Productos afectados
Shazwazza · Smidge

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/asust9/smidge-vuln?tab=readme-ov-filehttps://github.com/Shazwazza/Smidge/releases/tag/v4.6.0https://vuldb.com/?ctiid.328776https://vuldb.com/?id.328776https://vuldb.com/?submit.664905