CVE-2022-28357
CVE Details
Visit the official vulnerability details page for CVE-2022-28357 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
github.com/nats-io/nats-server
NIST CVE Summary
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
CVE Severity
Our Official Summary
A vulnerability was found in NATS nats-server up to 2.7.4. The product uses external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside the restricted directory. Upgrading nats-server is required to fix this vulnerability.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
Revision History
Date | Revision |
---|---|