← voltar
CVE-2025-11842

Shazwazza Smidge Bundle path traversal

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Produtos afetados
Shazwazza · Smidge

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/asust9/smidge-vuln?tab=readme-ov-filehttps://github.com/Shazwazza/Smidge/releases/tag/v4.6.0https://vuldb.com/?ctiid.328776https://vuldb.com/?id.328776https://vuldb.com/?submit.664905