CVE-2022-26652

More information about this CVE will likely be available in a few days.

Description

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.

Related CPE's

Could not find any relations

References

https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68

https://github.com/nats-io/nats-server/releases

https://advisories.nats.io/CVE/CVE-2022-26652.txt

[oss-security] 20220309 CVE-2022-26652: nats-server arbitrary file write

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io