{"id":"CVE-2022-31372","details":"Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.","modified":"2026-04-10T04:48:00.756028Z","published":"2022-06-16T14:15:09.070Z","references":[{"type":"FIX","url":"https://github.com/wiris/moodle-filter_wiris/commit/037ce9c1d9b9642689a332b6ebee8eaf0a737576"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wiris/moodle-filter_wiris","events":[{"introduced":"0"},{"last_affected":"c55e39c8f093dfc384951fe512d4e9a46cdb7144"},{"fixed":"037ce9c1d9b9642689a332b6ebee8eaf0a737576"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.28.0"}]}}],"versions":["4.2.0","7.19.0-beta.2","7.19.0-beta.4","v.3.57.0.1169","v.3.57.0.1170","v.3.57.1.1171","v.3.57.2.1301","v.3.57.2.1303","v.3.57.3.1305","v.3.58.0.1306","v.3.59.0.1309","v.3.59.1.1310","v.3.61.0.1317","v.3.61.1.1318","v.3.61.2.1319","v.3.62.0.1320","v.3.62.1.1322","v.3.63.1.1322","v.3.64.0.1325","v.4.1.0.1357","v.4.1.1.1360","v.4.1.1.1361","v.4.10.0","v.4.11.0","v.4.12.0","v.4.2.0","v.4.3.0","v.4.3.1","v.4.4.0","v.4.4.1","v.4.5.0","v.4.6.0","v.4.7.0","v.4.8.0","v.4.8.1","v.4.9.0","v.4.9.1","v.7.0.0","v.7.1.0","v.7.10.0","v.7.11.0","v.7.12.0","v.7.13.0","v.7.14.0","v.7.15.0","v.7.16.0","v.7.17.0","v.7.18.0","v.7.19.0-beta.0","v.7.2.0","v.7.21.0","v.7.26.0","v.7.26.1","v.7.27.0","v.7.27.1","v.7.28.0","v.7.3.0","v.7.4.0","v.7.5.0","v.7.6.0","v.7.6.1","v.7.7.0","v.7.7.1","v.7.7.2","v.7.8.0","v.7.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31372.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}