SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00352}

epss

{'score': 0.00467}


Thu, 17 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Tue, 15 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Ss-proj
Ss-proj shirasagi
CPEs cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*
Vendors & Products Ss-proj
Ss-proj shirasagi
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 15 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Description SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 8.6, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2024-10-23T04:58:28.816Z

Reserved: 2024-10-04T06:36:35.246Z

Link: CVE-2024-46898

cve-icon Vulnrichment

Updated: 2024-10-15T13:48:29.057Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-15T07:15:02.267

Modified: 2024-10-17T17:52:00.700

Link: CVE-2024-46898

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.