ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 23 Dec 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. | |
Title | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-23T20:11:38.875Z
Updated: 2024-12-24T01:31:48.860Z
Reserved: 2024-11-25T17:39:04.110Z
Link: CVE-2024-53961
Vulnrichment
Updated: 2024-12-24T01:31:43.756Z
NVD
Status : Received
Published: 2024-12-23T21:15:05.820
Modified: 2024-12-23T21:15:05.820
Link: CVE-2024-53961
Redhat
No data.