Search criteria
3 vulnerabilities found for iodine by boazsegev
FKIE_CVE-2024-22050
Vulnerability from fkie_nvd - Published: 2024-01-04 21:15 - Updated: 2025-11-29 02:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boazsegev:iodine:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "259C2480-6121-490C-8B3A-911E14C61AC7",
"versionEndIncluding": "0.7.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs."
},
{
"lang": "es",
"value": "Path traversal en el servicio de archivos est\u00e1ticos en Iodine inferior a 0.7.33 permite a un atacante remoto no autenticado leer archivos fuera de la carpeta p\u00fablica a trav\u00e9s de URL maliciosas."
}
],
"id": "CVE-2024-22050",
"lastModified": "2025-11-29T02:15:50.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-04T21:15:10.100",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-22050 (GCVE-0-2024-22050)
Vulnerability from cvelistv5 – Published: 2024-01-04 20:24 – Updated: 2025-11-29 01:20
VLAI?
Title
Iodine Static File Server Path Traversal Vulnerability
Summary
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22050",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:36:35.376436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:37:02.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://rubygems.org",
"defaultStatus": "unaffected",
"packageName": "iodine",
"versions": [
{
"lessThan": "0.7.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boazsegev:iodine:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.7.33",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePath traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.\u003c/p\u003e"
}
],
"value": "Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T01:20:07.474Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Iodine Static File Server Path Traversal Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-22050",
"datePublished": "2024-01-04T20:24:58.500Z",
"dateReserved": "2024-01-04T18:44:53.108Z",
"dateUpdated": "2025-11-29T01:20:07.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22050 (GCVE-0-2024-22050)
Vulnerability from nvd – Published: 2024-01-04 20:24 – Updated: 2025-11-29 01:20
VLAI?
Title
Iodine Static File Server Path Traversal Vulnerability
Summary
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22050",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:36:35.376436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:37:02.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://rubygems.org",
"defaultStatus": "unaffected",
"packageName": "iodine",
"versions": [
{
"lessThan": "0.7.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boazsegev:iodine:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.7.33",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePath traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.\u003c/p\u003e"
}
],
"value": "Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T01:20:07.474Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Iodine Static File Server Path Traversal Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-22050",
"datePublished": "2024-01-04T20:24:58.500Z",
"dateReserved": "2024-01-04T18:44:53.108Z",
"dateUpdated": "2025-11-29T01:20:07.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}