CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

References

Affected packages

Git / github.com/moinwiki/moin-1.9

Affected ranges

Type

GIT

Repo

https://github.com/moinwiki/moin-1.9

Events

Introduced

Last affected

23f0d7279d81c502ef637bffb3a3b2c9f1fdf35c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.10"
        }
    ]
}

Affected versions

1.*

1.5.0

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.5.0beta5

1.5.0beta6

1.5.0rc1

1.5.1

1.5.2

1.5.2rc1

1.5.3

1.5.3-rc1

1.5.3-rc2

1.6a

1.7.0

1.7.0beta1

1.7.0beta2

1.7.0rc1

1.7.0rc2

1.7.0rc3

1.7.1

1.7.2

1.7.3

1.8.0

1.8.0beta1

1.8.0beta2

1.8.0beta3

1.8.0rc1

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9.0

1.9.0beta1

1.9.0beta2

1.9.0beta3

1.9.0beta4

1.9.0rc1

1.9.0rc2

1.9.1

1.9.10

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

Other

SOC2006-START

SOC2007-START

SOC2008-END

SOC2008-START

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25074.json"