Vulnerability Database

309,134

Total vulnerabilities in the database

Measured is vulnerable to Path Traversal attacks during class initialization

Impact

A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files.

Patches

Users should update to the latest version.

Published: Jul 15, 2025
Updated: Jul 16, 2025
GHSA: GHSA-29g5-m8v7-v564
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
measured	-	3.2.1

https://github.com/Shopify/measured/commit/d6319985a2304d97c085e3dc45c98af554f4be76
https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo