CVE-2022-28357

CVE Details

CVE-2022-28357

Last Update

10/10/2024

NIST CVE Summary

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

Our Official Summary

A vulnerability was found in NATS nats-server up to 2.7.4. The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. Upgrade the NATS server to fix this vulnerability.

CVE Severity

9.8

Status

Ongoing

Affected Products & Versions

  • Palette VerteX airgap 4.4.18

Revision History

  • 1.0 09/15/2024 Initial Publication
  • 2.0 09/15/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
  • 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3