CVE-2024-53982

Published Dec 4, 2024

Last updated 5 months ago

Overview

Description
ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in the ZOO-Project Echo example. The Echo example, available by default in ZOO-Project installs, implements file caching, which can be controlled by user-given parameters. No input validation is performed on this parameter, which allows an attacker to fully control which file is returned in the response. A patch was committed on November 22nd, 2024.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

security-advisories@github.com
CWE-434

Social media

Hype score
Not currently trending
  1. The Nightmare Before Christmas: An arbitrary file download on Zoo-Project How XBOW autonomously found an arbitrary file download on Zoo-Project (CVE-2024-53982) https://t.co/wm40MQjnkH

    @pentest_swissky

    4 Mar 2025

  2. XBOW found a critical path traversal vulnerability in ZOO-Project (CVE-2024-53982). The vulnerability exists in the Echo example (enabled by default) and allows an attacker to retrieve any file on the server. Users should upgrade to the latest version. https://t.co/J9BGM0AYJd

    @Xbow

    5 Dec 2024

  3. CVE-2024-53982 Path Traversal Vulnerability Found in ZOO-Project Echo Example ZOO-Project is a software for web processing. In ZOO-Project, there's a path traversal vulnerability in the Echo example. The Echo exa... https://t.co/sa8ebunOcM

    @VulmonFeeds

    5 Dec 2024

  4. CVE-2024-53982 ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example avai… https://t.co/teBdeX8rvR

    @CVEnew

    4 Dec 2024

  5. [CVE-2024-53982: HIGH] Path traversal vulnerability discovered in ZOO-Project's Echo example allows attackers to control files returned in responses due to lack of input validation. Patch released on November 22,...#cybersecurity,#vulnerability https://t.co/5rMDe7AeCW https://t.c

    @CveFindCom

    4 Dec 2024
