CVE-2018-1000850
Directory Traversal vulnerability in Square Retrofit
CVSS 3.1 score: 7.5 (HIGH)
EPSS: 3.1%
Description
Square Retrofit versions from 2.0 (inclusive) up to 2.5.0 (exclusive) contain a Directory Traversal vulnerability in the addPathParameter method of the RequestBuilder class. By manipulating the URL, an attacker could add or delete resources otherwise unavailable to her. The attack appears to be exploitable via an encoded path parameter on a POST, PUT or DELETE request. The vulnerability appears to have been fixed in 2.5.0 and later.
How to fix CVE-2018-1000850
To remediate CVE-2018-1000850, upgrade the affected package to a fixed version:
- Upgrade to 2.5.0 or later
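The description attributes the traversal to an encoded path parameter. As an added example (not Retrofit's code and not its 2.5.0 fix), the following caller-side check rejects values that would act as a dot segment or introduce a path separator before they are used as a path parameter; the class and method names are hypothetical and the sample values are constructed.

```java
import java.util.regex.Pattern;

/** Hypothetical caller-side guard for path parameter values; not part of Retrofit. */
public final class PathParamGuard {
    // A whole value that is "." or "..", each dot written literally or as %2e / %2E.
    private static final Pattern DOT_SEGMENT = Pattern.compile("(?:\\.|%2[eE]){1,2}");
    // Separators, literal or percent-encoded, that would split one value into several segments.
    private static final Pattern SEPARATOR = Pattern.compile("/|\\\\|%2[fF]|%5[cC]");

    private PathParamGuard() {}

    /** Returns the value unchanged if it is safe to use as a single path segment. */
    public static String requireSingleSegment(String name, String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("Path parameter \"" + name + "\" is empty");
        }
        if (SEPARATOR.matcher(value).find()) {
            throw new IllegalArgumentException(
                    "Path parameter \"" + name + "\" contains a path separator");
        }
        if (DOT_SEGMENT.matcher(value).matches()) {
            throw new IllegalArgumentException(
                    "Path parameter \"" + name + "\" is a dot segment");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample values: two ordinary identifiers, then traversal-shaped inputs.
        String[] samples = {"42", "report.v2", "..", "%2e%2E", "../admin", "..%2Fadmin", "a%5c.."};
        for (String s : samples) {
            try {
                requireSingleSegment("id", s);
                System.out.println("accept  " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("reject  " + s + "  (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check treats each value as exactly one segment, so values that a server decodes more than once (for example `%252e`) are outside what it covers.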
Is CVE-2018-1000850 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 2.0.0, < 2.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |