[MAVEN:GHSA-CG24-JJR5-RXMF] Path traversal in flaskcode Devan-Kerman ARRP

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.

Package	Affected Version
pkg:maven/net.devtech/arrp	<= 0.8.1

Package	Fixed Version
pkg:maven/net.devtech/arrp	= 0.8.2

ID: MAVEN:GHSA-CG24-JJR5-RXMF
Severity: high
URL: https://github.com/advisories/GHSA-cg24-jjr5-rxmf
Published: 2024-03-19T09:30:32
(6 months ago)
Modified: 2024-03-29T05:01:02
(5 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2024-24042
			https://github.com/Devan-Kerman/ARRP/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b
			https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
			https://github.com/advisories/GHSA-cg24-jjr5-rxmf

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/net.devtech/arrp	net.devtech	arrp	<= 0.8.1
Fixed	pkg:maven/net.devtech/arrp	net.devtech	arrp	= 0.8.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date