How severe is CVE-2023-39916?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-39916?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2023-39916 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.

Related Vulnerabilities

CVE-2021-1355

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1357

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2023-21416

MEDIUM

CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the ove...

CWE-352023

CVE-2023-5885

MEDIUM

CVSS:6.5(Medium)

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

CWE-352023

CVE-2024-10857

MEDIUM

CVSS:6.5(Medium)

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient fil...

CWE-352024

CVE-2024-12087

MEDIUM

CVSS:6.5(Medium)

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even i...

CWE-352024