Описание
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mapserver | fixed | 7.6.3-1~exp1 | experimental | package |
| mapserver | fixed | 7.6.2-2 | package | |
| mapserver | ignored | bullseye | package | |
| mapserver | no-dsa | buster | package | |
| mapserver | postponed | stretch | package |
Примечания
https://github.com/mapserver/mapserver/issues/6313
https://github.com/MapServer/MapServer/pull/6314
https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2)
https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0)
Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3
EPSS
Связанные уязвимости
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
EPSS