VYPR
Low severity2.7OSV Advisory· Published Mar 21, 2019· Updated Jun 17, 2026

CVE-2019-9889

CVE-2019-9889

Description

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Vanilla OS/VanillaOSV2 versions
    Vanilla_2.6.1, Vanilla_2.6.3, list+ 1 more
    • (no CPE)range: Vanilla_2.6.1, Vanilla_2.6.3, list
    • (no CPE)range: <2.6.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.