CVE-2018-1000850: Input Validation

Published Oct 21, 2018
·
Updated

A directory traversal vulnerability was found in retrofit that can allow for resource manipulation. An attacker can add or remove resources which should not be available to him.

References:

https://github.com/square/retrofit/blob/master/CHANGELOG.md https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982 https://ihacktoprotect.com/post/retrofit-path-traversal/

Other sources

A flaw was found in Retrofit, where it allowed directory traversal via its RequestBuilder class. An attacker could use this flaw to access information or commands outside of its set permissions.

Square Retrofit could allow a remote attacker to traverse directories on the system, caused by improper input validation by the RequestBuilder class. An attacker could send a specially-crafted URL request to containing "dot dot" sequences (/../) to add or delete arbitrary files on the system.

IBM

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.

Affected Software

3 affected componentsFixes available
squareup Retrofit>=2.0.0<2.5.0
redhat/retrofit<2.5.0
2.5.0
IBM GDE<=3.0.0.2

Remediation

Patch Available

https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982

Event History

Oct 21, 2018
CVE Published
12:00 AM
Data Sourced
12:00 AM
RemedyDescriptionSeverityWeaknessAffected Software
Dec 20, 2018
CVE Published
via MITRE·03:00 PM
Data Sourced
via MITRE·03:00 PM
Description
Jan 7, 2019
Data Sourced
via Red Hat·09:47 AM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2018-1000850?

CVE-2018-1000850 is a vulnerability in Square Retrofit that allows directory traversal via its RequestBuilder class.

2

What is the severity of CVE-2018-1000850?

The severity of CVE-2018-1000850 is high, with a CVSS score of 8.1.

3

How does CVE-2018-1000850 work?

CVE-2018-1000850 allows an attacker to manipulate the URL in Retrofit's RequestBuilder class to add or delete resources that are otherwise unavailable.

4

Which versions of Retrofit are affected by CVE-2018-1000850?

Retrofit versions from 2.0 to (excluding) 2.5.0 are affected by CVE-2018-1000850.

5

How can I fix CVE-2018-1000850?

To fix CVE-2018-1000850, update to Retrofit version 2.5.0 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203