UNKNOWNCVE-2026-32725
SciTokens C++: Relative Path Traversal Vulnerability
Platform
cpp
Component
scitokens-cpp
Fixed in
1.4.1
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses ".." path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1.
How to fix
Actualice la biblioteca scitokens-cpp a la versión 1.4.1 o superior. Esta versión corrige la vulnerabilidad de path traversal al procesar los scopes basados en rutas en los tokens. La actualización evitará que un atacante pueda ampliar la autorización más allá del directorio previsto mediante la manipulación de las rutas en los scopes.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free