GHSA-2m4q-2c6r-hmc3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2m4q-2c6r-hmc3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-2m4q-2c6r-hmc3/GHSA-2m4q-2c6r-hmc3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2m4q-2c6r-hmc3
- Aliases
-
- CVE-2025-2961
- Published
- 2025-03-31T00:30:33Z
- Modified
- 2025-03-31T17:04:47.044893Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- Solon Vulnerable to Path Traversal
- Details
-
A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input ../org/example/HelloApp.class leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- Database specific
{ "nvd_published_at": "2025-03-30T22:15:15Z", "cwe_ids": [ "CWE-23" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-03-31T16:42:28Z" }- References
Affected packages
Maven / org.noear:solon-view
Package
- Name
- org.noear:solon-view
- View open source insights on deps.dev
- Purl
- pkg:maven/org.noear/solon-view
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.1.0
Affected versions
2.*
2.9.2-M1
2.9.2-M2
2.9.2
2.9.3
2.9.4
2.9.5-M1
2.9.5-M2
3.*
3.0.0-M1
3.0.0-M2
3.0.0-M3
3.0.0-M4
3.0.0-RC
3.0.0-RC2
3.0.0-RC3
3.0.0
3.0.1-M1
3.0.1-M2
3.0.1-M3
3.0.1
3.0.2-M1
3.0.2-M2
3.0.2-M3
3.0.2-M4
3.0.2-M5
3.0.2-M6
3.0.2-M7
3.0.2-RC
3.0.2-RC2
3.0.2-RC3
3.0.2
3.0.3-M1
3.0.3-M2
3.0.3-M3
3.0.3-M4
3.0.3-RC
3.0.3
3.0.4-M1
3.0.4-M2
3.0.4-RC
3.0.4-RC2
3.0.4
3.0.4.1
3.0.5-M1
3.0.5-M2
3.0.5-M3
3.0.5
3.0.6-M1
3.0.6-M2
3.0.6-M3
3.0.6-RC
3.0.6-RC2
3.0.6
3.0.7-M1
3.0.7
3.0.8-M1
3.0.8-M2
3.0.8
3.0.9-M1
3.0.9-M2
3.0.9
3.0.10-M1
3.0.10
3.1.0-M1
3.1.0-M2
3.1.0-M3
3.1.0-RC
3.1.0