How severe is CVE-2023-51651?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2023-51651?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-51651 - LOW Severity | CVSS 3.3

Vulnerability Description

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.

Related Vulnerabilities

CVE-2017-18196

LOW

CVSS:3.3(Low)

Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restricti...

CWE-222017

CVE-2018-0660

LOW

CVSS:3.3(Low)

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file.

CWE-222018

CVE-2020-15703

LOW

CVSS:3.3(Low)

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in...

CWE-222020

CVE-2020-16116

LOW

CVSS:3.3(Low)

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CWE-222020

CVE-2021-43264

LOW

CVSS:3.3(Low)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory travers...

CWE-222021

CVE-2022-28784

LOW

CVSS:3.3(Low)

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of...

CWE-222022