{"id":"CVE-2024-42499","details":"Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions.","aliases":["GHSA-q297-5ff8-hc92"],"modified":"2026-05-18T05:57:54.687042114Z","published":"2024-11-15T05:26:23.645Z","database_specific":{"cwe_ids":["CWE-22"],"cna_assigner":"jpcert","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42499.json"},"references":[{"type":"WEB","url":"https://fitnesse.org/FitNesseDownload"},{"type":"WEB","url":"https://github.com/unclebob/fitnesse/releases/tag/20241026"},{"type":"WEB","url":"https://jvn.jp/en/jp/JVN36791327/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42499.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42499"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unclebob/fitnesse","events":[{"introduced":"0"},{"fixed":"c753e66ba16287ae766b01f6ec492d4680a65d6c"}]}],"versions":["20241023","20240707","20240219","20231203","20231029","20230503","20221219","20221102","20220815","20220319","20211030","20211006","20210606","20210605","20210516","20210410","20201213","20200501","20200404","20200308","20200307","20200304","20200205","20200128","20200108","20191229","20191217","20191110","20190716","20190628","20190620","20190508","20190428","20190421","20190418","20190417","20190416","20190409","20190406","20190224","20190216","20190202","20190127","20190119","20190118","20190110","20181224","20181223","20181222","20181221","20180127","20171212","20171210","20171015","20161106","20161105","20160618","20160515","20151230","20150814","20150424","20150226","20150223","20150218","20150217","20150202","20150119","20150114","20150106","v20140203","20140201","v20140130","v20131119","20131110","v20131016","v20131015","v20121009","v20131003","v20131001","v20130911","20130530","20110104","20090112","20100103","20091121","20090818","20090513","20090321","20090214"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42499.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}