Home > Vulnerability Database > CVE-2018-25059

Mend.io Vulnerability Database

CVE-2018-25059

Good to know:

Date: December 30, 2022

A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.

Language: Go

Severity Score

3.5

Related Resources (9)

Url: https://github.com/jessfraz/pastebinit

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-25059

Url: https://vuldb.com/?ctiid.217040

Url: https://github.com/jessfraz/pastebinit/pull/3

Url: https://vuldb.com/?id.217040

Url: https://github.com/advisories/GHSA-cwh7-28vg-jmpr

Url: https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3

Url: https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272

Url: https://www.mend.io/vulnerability-database/CVE-2018-25059

Severity Score

3.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v0.2.3

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-25059

Good to know:

Date: December 30, 2022

Language: Go

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?