-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from the sanitize_path function's incomplete path validation logic in Windows environments. The commit diff shows a specific addition of colon (':') validation in this function when cfg!(windows) is true. Prior to the patch, the function only checked for backslashes and '..' patterns but didn't account for colons, which are critical for Windows drive letter specification. This allowed URL paths containing segments like 'c:' to bypass directory restrictions and access arbitrary filesystem locations.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| warp | rust | < 0.3.3 | 0.3.3 |
RustRustKEV Misses 88% of Exploited CVEs- Get the report