#VU22873 Path traversal in Retrofit - CVE-2018-1000850

 


Published: November 20, 2019


Vulnerability identifier: #VU22873
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1000850
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Retrofit
Software vendor:
Square

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in POST, PUT or DELETE requests within the addPathParameter() method of the RequestBuilder class. A remote attacker can trick the victim into following a specially crafted URL and gain access to otherwise restricted resources.
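The following added example (not Retrofit's code and not part of the original advisory) sketches the kind of validation whose absence CWE-22 describes: a value substituted into a URL path template is rejected when the result contains a `.` or `..` segment, literal or percent-encoded. The class `PathParamGuard`, its methods, the template and the sample values are all hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class PathParamGuard {
    // A relative URL with a "." or ".." segment, written literally or as %2e / %2E.
    private static final Pattern DOT_SEGMENT =
        Pattern.compile("(.*/)?(\\.|%2e|%2E){1,2}(/.*)?");

    // Percent-encode every byte that is not an RFC 3986 unreserved character.
    // Note that '.' is unreserved, so encoding alone never neutralises "..".
    static String encodeSegment(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean unreserved = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
            if (unreserved) out.append((char) c);
            else out.append(String.format("%%%02X", c));
        }
        return out.toString();
    }

    // Replace {name} in the template, then reject the result if it holds a dot segment.
    static String substitute(String template, String name, String value, boolean encoded) {
        String safe = encoded ? value : encodeSegment(value);
        String url = template.replace("{" + name + "}", safe);
        if (DOT_SEGMENT.matcher(url).matches()) {
            throw new IllegalArgumentException(
                "path parameter '" + name + "' yields a '.' or '..' segment: " + value);
        }
        return url;
    }

    public static void main(String[] args) {
        String template = "users/{id}/profile"; // constructed template
        // Constructed samples: {value, "true" if the caller says it is already encoded}.
        String[][] samples = {
            {"42", "false"}, {"v1.2", "false"}, {"..", "false"},
            {"%2e%2E", "true"}, {"a/../b", "true"}, {"../admin", "false"}};
        for (String[] s : samples) {
            try {
                System.out.println("ok     "
                    + substitute(template, "id", s[0], Boolean.parseBoolean(s[1])));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + e.getMessage());
            }
        }
    }
}
```

The check runs on the whole substituted path rather than on the raw value, so it also catches values passed as already encoded, where a `/` or `%2e` in the value survives into the URL unchanged.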


Remediation

Install updates from vendor's website.

External links