CVE-2019-15520
Description
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in comelz Quark before 2019-03-26 allows reading files outside the project directory.
Vulnerability
Directory traversal vulnerability in comelz Quark versions before 2019-03-26 allows an attacker to read files outside the project directory by using path traversal sequences such as .. or / in the project name [1].
Exploitation
An attacker needs to supply a crafted project name containing directory traversal characters (e.g., ../) when interacting with the Quark application or API. No authentication is required if the endpoint is publicly accessible. The traversal is partially allowed for compatibility with subprojects that rely on this behavior, but escaping the project root is blocked [1].
Impact
Successful exploitation enables an attacker to read arbitrary files outside the intended project directory, leading to information disclosure of sensitive files on the server [1].
Mitigation
The vulnerability was fixed in a commit on 2019-03-26 via pull request #18 [1]. Users should update to a version after that date. No workaround is mentioned.
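The containment rule described under Exploitation (relative segments tolerated, escaping the project root blocked) can be enforced as in the following added Python example. It is not Quark's code or the change from pull request #18; resolve_in_root, check_names and the directory layout are hypothetical names constructed for illustration.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the project root."""


def resolve_in_root(root, parent, name):
    """Resolve `name` relative to `parent` (a directory inside `root`).

    ".." segments are tolerated as long as the final, symlink-resolved
    location is still inside `root`.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, parent, name))
    # commonpath compares whole components, so a sibling such as
    # <tmp>/proj-evil does not pass as a child of <tmp>/proj the way a
    # plain startswith() prefix check would let it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{name!r} escapes {root_real}")
    return candidate


def check_names(root, parent, names):
    """Return {name: True if accepted, False if rejected}."""
    verdicts = {}
    for name in names:
        try:
            resolve_in_root(root, parent, name)
            verdicts[name] = True
        except TraversalError:
            verdicts[name] = False
    return verdicts


def demo():
    # Constructed layout: <tmp>/proj is the root, <tmp>/proj-evil a sibling.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "proj")
        os.makedirs(os.path.join(root, "lib", "a"))
        os.makedirs(os.path.join(tmp, "proj-evil"))
        names = ["b", "../shared", "../../../proj-evil", "/etc/hosts", "../.."]
        return check_names(root, "lib/a", names)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'accept' if ok else 'reject'}  {name}")
```

The check runs on the resolved path rather than on the raw string, so an absolute name (which os.path.join lets override the root) and a symlink pointing outside the root are rejected by the same comparison.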
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- comelz/Quark
References
[1] github.com/comelz/quark/pull/18 (x_refsource_MISC)