{"id":"CVE-2017-15363","details":"Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.","aliases":["GHSA-rvmg-xc29-rvxf"],"modified":"2026-04-10T03:57:31.063491Z","published":"2017-10-15T19:29:00.217Z","references":[{"type":"ADVISORY","url":"https://extensions.typo3.org/extension/download/restler/1.7.1/zip/"},{"type":"ADVISORY","url":"https://extensions.typo3.org/extension/restler/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/luracast/restler","events":[{"introduced":"0"},{"fixed":"e82d5622f5a1798c3c208867184a469fb4fd445c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.0"}]}}],"versions":["3.0.0-RC3","3.0.0-RC4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15363.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}