Publish GHSA-gv7f-w92j-383q

Author: advisory-database[bot]

…-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.json …-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.jsonadvisories/unreviewed/2026/03/GHSA-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.json renamed to advisories/github-reviewed/2026/03/GHSA-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.json advisories/unreviewed/2026/03/GHSA-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.json renamed to advisories/github-reviewed/2026/03/GHSA-gv7f-w92j-383q/GHSA-gv7f-w92j-383q.json

@@ -1,14 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gv7f-w92j-383q",
-  "modified": "2026-03-20T21:31:28Z",
+  "modified": "2026-03-20T21:53:19Z",
   "published": "2026-03-20T21:31:28Z",
   "aliases": [
     "CVE-2025-55988"
   ],
+  "summary": "DreamFactory has a directory traversal",
   "details": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.",
-  "severity": [],
-  "affected": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "dreamfactory/df-core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -18,16 +44,22 @@
       "type": "WEB",
       "url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dreamfactorysoftware/df-core"
+    },
     {
       "type": "WEB",
       "url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-20T21:53:19Z",
     "nvd_published_at": "2026-03-20T21:17:12Z"
   }
 }