Required CVE Record Information
Description
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://github.com/nats-io/nats-server/releases x_transferred
- https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68 x_transferred
- https://advisories.nats.io/CVE/CVE-2022-26652.txt x_transferred
- openwall.com: [oss-security] 20220309 CVE-2022-26652: nats-server arbitrary file write mailing-listx_transferred