How severe is CVE-2024-38358?

This vulnerability has a severity rating of LOW with a CVSS score of 2.9 out of 10.

What type of vulnerability is CVE-2024-38358?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-38358 - LOW Severity | CVSS 2.9

Vulnerability Description

Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link. This issue has been addressed in commit `b9483d022` which has been included in release version 4.3.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2023-25186

LOW

CVSS:2.8(Low)

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory p...

CWE-222023

CVE-2023-41825

LOW

CVSS:2.8(Low)

A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files.

CWE-222023

CVE-2025-44021

LOW

CVSS:2.8(Low)

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can prov...

CWE-222025

CVE-2016-1212

LOW

CVSS:2.7(Low)

Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-3972

LOW

CVSS:2.7(Low)

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

CWE-222016

CVE-2018-16237

LOW

CVSS:2.7(Low)

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CWE-222018