CVE-2021-35397

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-35397
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35397.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-35397
Published
2021-08-04T11:15:08.003Z
Modified
2026-04-10T04:35:15.064184Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending crafted HTTP request with specific path to read. Successful exploitation could allow the attacker to read files that should be restricted.

References

Affected packages

Git / github.com/drogonframework/drogon

Affected ranges

Type
GIT
Repo
https://github.com/drogonframework/drogon
Events
Introduced
fb17efe765d162be01680b05a3a387c7a182a4c5
Last affected
08351ccf98b75e9ee9c0281d94f4c99022e0ec6f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bbb338bf12abed17c97ef9b2fba4584600001ed6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c9dd14bde585f5c4571f631126f1d98b3652f616
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3a2c472694b26402e9221eb8c2c83847051881b6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6d6a7acd09f947b86001d6719c09472395a324ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
84e503a94830a942228e0f9166f8ddb3ce2baa1b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2607f35687fc5cc4e3f86eff61512572b6a26446
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dd66ba5a73049d755dee1ca8911e2927c28e8f32
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f0110a642dcd31db9f339a49cac34de77ccec06f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d59021ef9fbeff86f48eee06136fa834cb436f01
Database specific 
{
    "versions": [
        {
            "introduced": "1.1.0"
        },
        {
            "last_affected": "1.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta21"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.0-beta1
v1.0.0-beta10
v1.0.0-beta11
v1.0.0-beta12
v1.0.0-beta13
v1.0.0-beta14
v1.0.0-beta15
v1.0.0-beta16
v1.0.0-beta17
v1.0.0-beta18
v1.0.0-beta19
v1.0.0-beta2
v1.0.0-beta20
v1.0.0-beta21
v1.0.0-beta3
v1.0.0-beta4
v1.0.0-beta5
v1.0.0-beta6
v1.0.0-beta7
v1.0.0-beta8
v1.0.0-beta9
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.6.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35397.json"