High severity7.5OSV Advisory· Published Jan 4, 2024· Updated Jun 17, 2026
CVE-2024-22050
CVE-2024-22050
Description
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
iodineRubyGems | < 0.7.34 | 0.7.34 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-85rf-xh54-whp3nvdPatchThird Party AdvisoryADVISORY
- github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889nvdPatchWEB
- vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3nvdPatchThird Party Advisory
- github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-22050ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/iodine/CVE-2024-22050.ymlghsaWEB
News mentions
0No linked articles in our index yet.