CVE-2021-32062

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32062
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32062.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32062
Downstream
Related
Published
2021-05-06T13:15:12Z
Modified
2025-10-21T06:22:12.517752Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).

References

Affected packages

Git / github.com/mapserver/mapserver

Affected ranges

Type
GIT
Repo
https://github.com/mapserver/mapserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cb59297fad33d8d2498f74be2c0cba5522694201

Affected versions

6.*

6.0.3

Other

rel-3-4
rel-3-5-0
rel-4-0-0
rel-4-10-0
rel-4-10-0-beta1
rel-4-10-0-beta2
rel-4-10-0-beta3
rel-4-10-0-rc1
rel-4-4-0
rel-4-4-0-beta1
rel-4-4-0-beta2
rel-4-4-0-beta3
rel-4-6-0
rel-4-6-0-beta1
rel-4-6-0-beta2
rel-4-6-0-beta3
rel-4-6-0-rc1
rel-4-8-0-beta1
rel-4-8-0-beta2
rel-4-8-0-beta3
rel-4-8-0-rc2
rel-6-0-3-0
rel-6-2-0
rel-6-2-0-beta1
rel-6-2-0-beta2
rel-6-2-0-beta3
rel-6-2-0-beta4
rel-6-2-0-rc1
rel-6-2-1
rel-6-2-2
rel-6-4-0
rel-6-4-0-beta1
rel-6-4-0-beta2
rel-6-4-0-rc1
rel-6-4-1
rel-6-4-2
rel-6-4-3
rel-6-4-4
rel-7-0-0
rel-7-0-0-beta1
rel-7-0-0-beta2
rel-7-0-1
rel-7-0-2
rel-7-0-3
rel-7-0-4
rel-7-0-5
rel-7-0-6
rel-7-0-7
styleObj