CVE-2024-1163 - Vulnerability Details - OpenCVE

The attacker may exploit a path traversal vulnerability leading to information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Mapshaper	Mapshaper

Configuration 1 [-]

cpe:2.3:a:mapshaper:mapshaper:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72
https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5

History

Fri, 09 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 03 Nov 2024 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Sun, 03 Nov 2024 18:30:00 +0000

Type	Values Removed	Values Added
Description	Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44.	The attacker may exploit a path traversal vulnerability leading to information disclosure.
Title	Uncontrolled Resource Consumption in mbloch/mapshaper	Path traversal vulnerability in mapshaper

Fri, 18 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mapshaper Mapshaper mapshaper
Weaknesses		CWE-22
CPEs		cpe:2.3:a:mapshaper:mapshaper::::::::
Vendors & Products		Mapshaper Mapshaper mapshaper
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-02-13T14:36:26.882Z

Updated: 2025-05-09T18:17:25.441Z

Reserved: 2024-02-01T17:02:34.186Z

Link: CVE-2024-1163

Vulnrichment

Updated: 2024-08-01T18:33:24.163Z

NVD

Status : Modified

Published: 2024-02-13T15:15:08.647

Modified: 2024-11-21T08:49:56.403

Link: CVE-2024-1163

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1163", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-01T17:02:34.186Z", "datePublished": "2024-02-13T14:36:26.882Z", "dateUpdated": "2025-05-09T18:17:25.441Z"}, "containers": {"cna": {"title": "Path traversal vulnerability in mapshaper", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:21.145Z"}, "descriptions": [{"lang": "en", "value": "The attacker may exploit a path traversal vulnerability leading to information disclosure."}], "affected": [{"vendor": "mbloch", "product": "mbloch/mapshaper", "versions": [{"version": "unspecified", "lessThan": "0.6.44", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5"}, {"url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "c1cbc18b-e4ab-4332-ad13-0033f0f976f5", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:24.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5", "tags": ["x_transferred"]}, {"url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-29T17:34:57.101294Z", "id": "CVE-2024-1163", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T18:17:25.441Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1163", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-01T17:02:34.186Z", "datePublished": "2024-02-13T14:36:26.882Z", "dateUpdated": "2025-05-09T18:17:25.441Z"}, "containers": {"cna": {"title": "Path traversal vulnerability in mapshaper", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:21.145Z"}, "descriptions": [{"lang": "en", "value": "The attacker may exploit a path traversal vulnerability leading to information disclosure."}], "affected": [{"vendor": "mbloch", "product": "mbloch/mapshaper", "versions": [{"version": "unspecified", "lessThan": "0.6.44", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5"}, {"url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "c1cbc18b-e4ab-4332-ad13-0033f0f976f5", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:24.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5", "tags": ["x_transferred"]}, {"url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1163", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-29T17:34:57.101294Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T18:17:21.203Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mapshaper:mapshaper:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C0BC089-9749-4322-8AD3-38188654AF4E", "versionEndExcluding": "0.6.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The attacker may exploit a path traversal vulnerability leading to information disclosure."}, {"lang": "es", "value": "Path Traversal en el repositorio de GitHub bloch/mapshaper anterior a 0.6.44."}], "id": "CVE-2024-1163", "lastModified": "2024-11-21T08:49:56.403", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-13T15:15:08.647", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}