Published: 08/07/2022 Updated: 20/07/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

mat2 (aka metadata anonymisation toolkit) prior to 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
0xacab mat2
debian debian linux 10.0
debian debian linux 11.0

A directory traversal vulnerability was discovered in the Metadata anonymisation toolkit, which could result in information disclosure via a malformed ZIP archive For the oldstable distribution (buster), this problem has been fixed in version 080-3+deb10u1 For the stable distribution (bullseye), this problem has been fixed in version 0121-2+d ...

mat2 before 0130 allows / directory traversal during the ZIP archive cleaning process This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive ...

CWE-22 https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385 https://dustri.org/b/mat2-0130.html https://0xacab.org/jvoisin/mat2/-/issues/174 https://www.debian.org/security/2022/dsa-5185 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5185

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35410

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect