Skip to content

Path Traversal vulnerability in hap-wi/roxy-wi

High
Aidaho12 published GHSA-qcmp-q5h3-784m Mar 12, 2023

Package

pip roxy-wi (pip)

Affected versions

< v6.3.6.0

Patched versions

None

Description

Dear Roxy-wi dev team,

As reported via email, please, I have identified a Path Traversal vulnerability in the latest codebase of hap-wi/roxy-wi.
Herein the vulnerability brief report is ethically drafted.

Please, refer to the following screenshot where the config_file_name was changed to point out to /etc/nginx/../passwd

ssc

Severity

High

CVE ID

CVE-2023-25802

Weaknesses

Credits