Impact
An attacker may be able to read the contents of local files. This affects untangle versions up to and including 1.2.0
Patches
The problem has been fixed with version 1.2.1
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more information
If you have any questions or comments about this advisory:
- Open an issue
References
- https://github.com/stchris/untangle/security/advisories/GHSA-f83q-2cp7-qrjg
- https://nvd.nist.gov/vuln/detail/CVE-2022-31471
- https://github.com/pypa/advisory-database/tree/main/vulns/untangle/PYSEC-2022-244.yaml
- https://github.com/stchris/untangle
- https://github.com/stchris/untangle/releases/tag/1.2.1
- https://jvn.jp/en/jp/JVN30454777/
- https://github.com/advisories/GHSA-f83q-2cp7-qrjg