Описание
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| h2o | not-affected | package |
Примечания
https://github.com/h2o/h2o/issues/921
EPSS
Процентиль: 47%
0.00242
Низкий
Связанные уязвимости
nvd
больше 10 лет назад
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
github
больше 3 лет назад
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
EPSS
Процентиль: 47%
0.00242
Низкий