Published: 01 May 2022
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
CherryPy Directory traversal vulnerability
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2006-0847
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24809
- https://github.com/pypa/advisory-database/tree/main/vulns/cherrypy/PYSEC-2006-1.yaml
- https://web.archive.org/web/20140724140216/http://secunia.com/advisories/18944
- https://web.archive.org/web/20140803230356/http://secunia.com/advisories/20344
- https://web.archive.org/web/20200302050730/http://www.securityfocus.com/bid/16760
- http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306
- http://sourceforge.net/project/shownotes.php?release_id=384316&group_id=56099
- http://www.cherrypy.org
- http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
Packages
Name: cherrypy (pip)
Affected versions: < 2.1.1
Fixed version: 2.1.1
Related vulnerabilities
ubuntu
more than 19 years ago
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
nvd
more than 19 years ago
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
debian
more than 19 years ago
Directory traversal vulnerability in the staticfilter component in Che ...