Количество 3
Количество 3
CVE-2023-40274
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.
CVE-2023-40274
An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...
GHSA-xvv9-5j67-3rpq
zola Path Traversal vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-40274 An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem. | CVSS3: 7.5 | 2% Низкий | около 2 лет назад |
| CVE-2023-40274 An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ... | CVSS3: 7.5 | 2% Низкий | около 2 лет назад |
| GHSA-xvv9-5j67-3rpq zola Path Traversal vulnerability | CVSS3: 7.5 | 2% Низкий | около 2 лет назад |
Уязвимостей на страницу