What is GHSA-hvmh-vjjx-rw3h?

GHSA-hvmh-vjjx-rw3h is a security advisory published by GitHub Security Advisories with Medium severity. CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...

Which CVE IDs does GHSA-hvmh-vjjx-rw3h cover?

GHSA-hvmh-vjjx-rw3h covers the following CVE IDs: CVE-2026-34657. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-hvmh-vjjx-rw3h?

GHSA-hvmh-vjjx-rw3h has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-hvmh-vjjx-rw3hMediumCVSS 5.5

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...

Vendor

GitHub Security Advisories

Published

June 10, 2026

Last Modified

June 10, 2026

🔗 CVE IDs covered (1)

CVE-2026-34657 →

📋 Description

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-34657
https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html
https://github.com/advisories/GHSA-hvmh-vjjx-rw3h