PYSEC-2018-78

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/uwsgi/PYSEC-2018-78.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2018-78

Aliases

CVE-2018-7490
GHSA-h2vm-c85r-5vh5

Published

2018-02-26T22:29:00Z

Modified

2024-04-29T11:41:31.764045Z

Summary

[none]

Details

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

References

https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
https://www.exploit-db.com/exploits/44223/
https://www.debian.org/security/2018/dsa-4142

Affected packages

PyPI / uwsgi

Package

Name: uwsgi; View open source insights on deps.dev
Purl: pkg:pypi/uwsgi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.17

Affected versions

1.*

1.4.9

1.4.10

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.15

1.9.16

1.9.17

1.9.17.1

1.9.18

1.9.18.1

1.9.18.2

1.9.19

1.9.20

1.9.21

1.9.21.1

2.*

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.5.1

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.11.1

2.0.11.2

2.0.12

2.0.13

2.0.13.1

2.0.14

2.0.15

2.0.16