Published: 15/03/2021 Updated: 18/03/2021

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tyk tyk

CVEcrystalyer CVE tool to help with getting CVE details needed for reporting Tool uses reitre-jshtml as input, it will parse all of the CVE-s and grab the details from NVD and print them in terminal for copy/paste /CVEcrystalyer -h -c NAME Single CVE | Multiple CVE-s separated with ',' -> -c CVE-XXX-XXXX,CV

CWE-22 https://github.com/TykTechnologies/tyk/issues/3390 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516 https://nvd.nist.gov https://github.com/captcha-n00b/CVEcrystalyer

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-23357

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect