CVE-2022-41905

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41905

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41905.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41905

Aliases

Published

2022-11-11T21:15:09Z

Modified

2024-05-30T03:51:13.081282Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dir_browser.enable = False in the configuration.

References

Affected packages

Git / github.com/mar10/wsgidav

Affected ranges

Type: GIT
Repo: https://github.com/mar10/wsgidav
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e9606ab0f42f4c1a6611bc3c52de299b0aba7726

Affected versions

0.*

0.5.0

1.*

1.0.0

1.1.0

v1.*

v1.2.0

v1.3.0

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.2.1

v2.2.2

v2.2.4

v2.3.0

v3.*

v3.0.0

v3.0.0a1

v3.0.0a2

v3.0.0a3

v3.0.0a4

v3.0.0a5

v3.0.0a6

v3.0.0a7

v3.0.1

v3.0.2

v3.0.3

v3.0.5-a1

v3.0.5-a2

v3.0.5-a3

v3.1.0

v3.1.1

v4.*

v4.0.0

v4.0.0-a2

v4.0.1

v4.0.2