Skip to content

Limited Path Traversal in name parameter hap-wi/roxy-wi

Moderate
Aidaho12 published GHSA-69j6-crq8-rrhv Mar 15, 2023

Package

pip roxy-wi (pip)

Affected versions

< v6.3.5.0

Patched versions

None

Description

An SSH key has been saved into a not intended location, in this case the /tmp folder using a payload ../../../../../tmp/test111_dev

Burp Suite Professional v2023 1 2 - roxy-wi - licensed to NooneSec single user license _001

Severity

Moderate

CVE ID

CVE-2023-25804

Weaknesses

Credits