Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1vru-s5v2-dbcq
Vulnerability ID VCID-1vru-s5v2-dbcq
Aliases CVE-2022-22931
GHSA-v84g-cf5j-xjqx
Summary Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include the maildir mailbox store and the Sieve file repository. This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
System Score Found at
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2022-22931
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v84g-cf5j-xjqx
generic_textual MODERATE https://github.com/apache/james-project
generic_textual MODERATE https://github.com/apache/james-project/pull/877
generic_textual MODERATE https://github.com/apache/james-project/pull/877/commits/b1e891a9e5eeadfa1d779ae50f21c73efe4d2fc7
generic_textual MODERATE https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-22931
generic_textual MODERATE https://www.openwall.com/lists/oss-security/2022/02/07/1
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-22931
https://github.com/apache/james-project
https://github.com/apache/james-project/pull/877
https://github.com/apache/james-project/pull/877/commits/b1e891a9e5eeadfa1d779ae50f21c73efe4d2fc7
https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
https://www.openwall.com/lists/oss-security/2022/02/07/1
CVE-2022-22931 https://nvd.nist.gov/vuln/detail/CVE-2022-22931
GHSA-v84g-cf5j-xjqx https://github.com/advisories/GHSA-v84g-cf5j-xjqx
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86129
EPSS Score 0.02834
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:23.239045+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jamesframework/james/CVE-2022-22931.yml 38.0.0