CVE-2017-15363

HIGH7.5EPSS 71.1%

Luracast Restler directory traversal vulnerability

Published: 5/13/2022Modified: 4/23/2025

Description

Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

Affected packages (2)

Packagist/aoe/restlerfrom 0, < 1.7.1
Packagist/luracast/restlerfrom 0, < 3.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-15363
PATCHhttps://github.com/AOEpeople/TYPO3_Restler
WEBhttps://extensions.typo3.org/extension/restler
WEBhttps://github.com/AOEpeople/TYPO3_Restler/releases/tag/1.7.1