Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-24569

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-01 Feb, 2024 | 19:02
Updated At-17 Jun, 2025 | 21:29
Rejected At-
Credits

`ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:01 Feb, 2024 | 19:02
Updated At:17 Jun, 2025 | 21:29
Rejected At:
▼CVE Numbering Authority (CNA)
`ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.

Affected Products
Vendor
pixee
Product
java-security-toolkit
Versions
Affected
  • < 1.1.2
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2
x_refsource_CONFIRM
https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9
x_refsource_MISC
https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87
x_refsource_MISC
Hyperlink: https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2
x_refsource_CONFIRM
x_transferred
https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9
x_refsource_MISC
x_transferred
https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:01 Feb, 2024 | 19:15
Updated At:09 Feb, 2024 | 20:15

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CPE Matches
pixee
pixee
>>java_code_security_toolkit>>Versions before 1.1.2(exclusive)
cpe:2.3:a:pixee:java_code_security_toolkit:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarysecurity-advisories@github.com
CWE ID: CWE-22
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87security-advisories@github.com
Product
https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9security-advisories@github.com
Patch
https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87
Source: security-advisories@github.com
Resource:
Product
Hyperlink: https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2015-9546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.08% / 25.01%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 18:54
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-29425
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 48.86%
||
7 Day CHG-0.01%
Published-13 Apr, 2021 | 06:50
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible limited path traversal vulnerabily in Apache Commons IO

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-healthcare_data_repositoryprimavera_unifiercommunications_billing_and_revenue_management_elastic_charging_enginebanking_enterprise_default_managmentretail_service_backbonecommunications_order_and_service_managementretail_assortment_planningbanking_platformhealth_sciences_data_management_workbenchcommunications_policy_managementagile_plmoss_support_toolsretail_merchandising_systemcommunications_cloud_native_core_policybanking_party_managementcommons_iobanking_apiscommunications_application_session_controllerbanking_enterprise_default_managementblockchain_platformcommunications_cloud_native_core_unified_data_repositoryfinancial_services_analytical_applications_infrastructureretail_order_brokercommunications_design_studiocommunications_service_brokerfusion_middleware_mapviewercommunications_interactive_session_recorderaccess_managerretail_size_profile_optimizationapplication_testing_suitecommunications_convergenceenterprise_communications_brokercommunications_converged_application_server_-_service_controllercommunications_contacts_serverinsurance_rules_paletteretail_pricingbanking_digital_experiencerest_data_servicescommunications_offline_mediation_controllerutilities_testing_acceleratorsolaris_clustercommunications_cloud_native_core_network_repository_functionactive_iq_unified_managerhelidonretail_integration_busagile_engineering_data_managemententerprise_session_border_controllercommunications_diameter_intelligence_hubdebian_linuxweblogic_servercommunications_pricing_design_centerhealth_sciences_information_managerapplication_performance_managementflexcube_core_bankingretail_xstore_point_of_serviceinsurance_policy_administrationfinancial_services_model_management_and_governancereal_user_experience_insightcommerce_guided_searchwebcenter_portalApache Commons IO
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3688
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.23% / 45.80%
||
7 Day CHG~0.00%
Published-26 Aug, 2022 | 15:25
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_core_services_httpdRed Hat JBCS HTTP Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-2745
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-68.87% / 98.57%
||
7 Day CHG~0.00%
Published-17 May, 2023 | 08:36
Updated-24 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Action-Not Available
Vendor-WordPress.org
Product-wordpressWordPress
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-24815
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 17:36
Updated-10 Mar, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-vert-x3Eclipse Foundation AISBL
Product-vert.x-webvertx-web
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found