GHSA-4r6g-xhx7-fm36
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4r6g-xhx7-fm36
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4r6g-xhx7-fm36/GHSA-4r6g-xhx7-fm36.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4r6g-xhx7-fm36
- Aliases
-
- CVE-2015-0269
- Published
- 2022-05-17T02:42:22Z
- Modified
- 2024-04-25T23:43:34.734539Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Contao Core directory traversal vulnerability
- Details
-
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.
- Database specific
{ "nvd_published_at": "2017-05-26T17:29:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-25T23:15:43Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-0269
- https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
- https://contao.org/en/news/contao-3_2_19.html
- https://contao.org/en/news/contao-3_4_4.html
- https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
- https://github.com/contao/core
Affected packages
Packagist / contao/core
Package
- Name
- contao/core
- Purl
- pkg:composer/contao/core
Packagist / contao/core
Package
- Name
- contao/core
- Purl
- pkg:composer/contao/core
Affected versions
2.*
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.8.RC1
2.8.RC2
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.10.beta1
2.10.RC1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.RC1
2.11.RC2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.11.10
2.11.11
2.11.12
2.11.13
2.11.14
2.11.15
2.11.16
2.11.17
3.*
3.0.beta1
3.0.RC1
3.0.RC2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.beta1
3.1.RC1
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.2.beta1
3.2.beta2
3.2.RC1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.15
3.2.16
3.2.17
3.2.18