VYPR
High severityNVD Advisory· Published Oct 11, 2022· Updated Apr 23, 2025

Path traversal in MelisAssetManager

CVE-2022-39296

Description

MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-asset-manager >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
melisplatform/melis-asset-managerPackagist
< 5.0.15.0.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.