Unrated severityNVD Advisory· Published Nov 23, 2022· Updated Apr 25, 2025

CVE-2022-45866

Description

qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

PierreLvx/qpressdescription
PierreLvx/qpressllm-create
Range: < 20220819, < 11.3
Percona/Xtrabackupllm-fuzzy

Patches

Vulnerability mechanics

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQWF7635AJSDKEIGLB73XAH643POGTFY/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4RXO3VYIFRTNIFHWIAZWND6ZXQ5OYOB/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUZ73XT2FXLHC7I4ODLOVB4O4QN7Q7JB/mitrevendor-advisory
github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761mitre
github.com/PierreLvx/qpress/compare/20170415...20220819mitre
github.com/PierreLvx/qpress/pull/6mitre
github.com/percona/percona-xtrabackup/pull/1366mitre
pkgs.org/download/qpressmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000