CVE-2017-15363: Luracast Restler directory traversal vulnerability

May 13, 2022 (updated April 23, 2025)

Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

References

extensions.typo3.org/extension/restler
github.com/AOEpeople/TYPO3_Restler
github.com/AOEpeople/TYPO3_Restler/releases/tag/1.7.1
github.com/advisories/GHSA-rvmg-xc29-rvxf
nvd.nist.gov/vuln/detail/CVE-2017-15363

Code Behaviors & Features

Detect and mitigate CVE-2017-15363 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →