7.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-4772

GHSA ID

GHSA-jj8r-jw42-mw4w

EPSS Score

0.12958%

CWE

CWE-22

Published

12/28/2022

Updated

2/2/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-4772

CVE-2022-4772: Widoco Path Traversal vulnerability

A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-4772

CVE-2022-4772:

7.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-4772

GHSA ID

GHSA-jj8r-jw42-mw4w

EPSS Score

0.12958%

CWE

CWE-22

Published

12/28/2022

Updated

2/2/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.github.dgarijo:Widoco	maven	<= 1.4.17

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is explicitly attributed to the unZipIt function in multiple sources. The commit diff shows:

The original path construction was vulnerable to concatenation attacks
No path containment check existed before extraction
The patch adds critical path normalization and validation (newFile.toPath().normalize().startsWith()). The CWE-22 mapping and Zip Slip vulnerability pattern match the described behavior. All authoritative sources (CVE, GHSA, commit message) directly implicate this function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-4772: Widoco Path Traversal vulnerability

CVE-2022-4772:

7.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-4772: Widoco Path Traversal vulnerability

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

7.8

7.8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI