forked from Liby99/cwe-bench-java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsquare__retrofit_CVE-2018-1000850_2.4.0.json
89 lines (89 loc) · 2.64 KB
/
square__retrofit_CVE-2018-1000850_2.4.0.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
{
"schema_version": "1.4.0",
"id": "GHSA-8p8g-f9vg-r7xr",
"modified": "2022-09-14T22:25:15Z",
"published": "2018-12-21T17:48:19Z",
"aliases": [
"CVE-2018-1000850"
],
"summary": "Directory Traversal vulnerability in Square Retrofit",
"details": "Square Retrofit versions from (including) 2.0 to 2.5.0 (excluding) contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an encoded path parameter on POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.squareup.retrofit2:retrofit"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.5.0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000850"
},
{
"type": "WEB",
"url": "https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8p8g-f9vg-r7xr"
},
{
"type": "PACKAGE",
"url": "https://github.com/square/retrofit"
},
{
"type": "WEB",
"url": "https://github.com/square/retrofit/blob/master/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://ihacktoprotect.com/post/retrofit-path-traversal"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
}
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:26:16Z",
"nvd_published_at": null
}
}