{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "015c517a1e52ee93a6f83a24a601f50cb0b92cf1"
            }
          ],
          "repo": "https://github.com/thedevdojo/voyager",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "c6dad15f4eff4bad97a85488dcc93cbf795eb2f6"
            }
          ],
          "repo": "https://github.com/thedevdojo/voyager",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.",
  "id": "CVE-2020-37214",
  "modified": "2026-03-14T13:50:08.927633547Z",
  "published": "2026-02-11T21:16:17.170Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/the-control-group/voyager/releases/tag/v1.2.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-control-group/voyager/releases/tag/v1.3.0"
    },
    {
      "type": "WEB",
      "url": "https://voyager.devdojo.com/"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47875"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.vulncheck.com/advisories/voyager-directory-traversal"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}