{"id":"CVE-2024-53566","details":"An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.","modified":"2026-05-18T05:57:19.926846991Z","published":"2024-12-02T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53566.json"},"references":[{"type":"WEB","url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616"},{"type":"WEB","url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00003.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53566.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53566"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"0"},{"last_affected":"8e4a09f71162ebc1e4bb2159dfc638aa2328047c"},{"last_affected":"31b8dc09238d916be18d93dc7dda30711e636c17"},{"last_affected":"7c1687ba12c7a16c53d3a169eb997fae74c6037e"},{"last_affected":"4473ed52563f683c45637919f9b4330457a33814"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"22.0.0-NA"},{"last_affected":"22.0.0-pre1"},{"last_affected":"22.0.0-rc1"},{"last_affected":"22.0.0-rc2"}],"cpe":["cpe:2.3:a:sangoma:asterisk:22.0.0:-:*:*:*:*:*:*","cpe:2.3:a:sangoma:asterisk:22.0.0:pre1:*:*:*:*:*:*","cpe:2.3:a:sangoma:asterisk:22.0.0:rc1:*:*:*:*:*:*","cpe:2.3:a:sangoma:asterisk:22.0.0:rc2:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["22.0.0","22.0.0-rc2","22.0.0-rc1","22.0.0-pre1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53566.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}