CVE-2022-26068

Name: CVE-2022-26068
Description: This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| pistache (PTS) | bookworm | 0.0.5+ds-3 | fixed |
| | trixie, sid | 0.0.5+ds-5.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pistache | source | (unstable) | (not affected) | | | |

Notes

- pistache <not-affected> (Fixed with initial upload to Debian)
https://github.com/pistacheio/pistache/pull/1065
https://github.com/pistacheio/pistache/commit/4ba6da096611d11849aa37ee342c032a306ee885 (0.0.5)
