PYSEC-2017-99

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-99.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-99

Aliases

CVE-2015-8309
GHSA-q624-9634-77gh

Published

2017-03-27T15:59:00Z

Modified

2024-04-29T17:26:31.883748Z

Summary

[none]

Details

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

References

Affected packages

PyPI / cherrymusic

Package

Name: cherrymusic; View open source insights on deps.dev
Purl: pkg:pypi/cherrymusic

Affected ranges

Type: GIT
Repo: https://github.com/devsnd/cherrymusic
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62dec34a1ea0741400dd6b6c660d303dcd651e86

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.36.0

Affected versions

0.*

0.30.0

0.31.0

0.31.1

0.31.2

0.32.0

0.33.0

0.34.0

0.34.1

0.35.1

0.35.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-99.yaml"