FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mat2 -- directory traversal/arbitrary file read during ZIP file processing

Affected packages
mat2 < 0.13.0

Details

VuXML ID 830855f3-ffcc-11ec-9d41-d05099c8b5a7
Discovery 2022-07-08
Entry 2022-07-10

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.

References

CVE Name CVE-2022-35410
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410