How severe is CVE-2019-5624?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-5624?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2019-5624 - HIGH Severity | CVSS 7.4

Vulnerability Description

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.

Related Vulnerabilities

CVE-2016-2087

HIGH

CVSS:7.4(High)

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

CWE-222016

CVE-2019-8320

HIGH

CVSS:7.4(High)

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would dele...

CWE-222019

CVE-2021-20218

HIGH

CVSS:7.4(High)

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to ext...

CWE-222021

CVE-2023-2316

HIGH

CVSS:7.4(High)

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vul...

CWE-222023

CVE-2024-29180

HIGH

CVSS:7.4(High)

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is ...

CWE-222024

CVE-2024-47027

HIGH

CVSS:7.4(High)

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no add...

CWE-222024