PYSEC-2022-43018

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/wsgidav/PYSEC-2022-43018.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-43018

Aliases

Published

2022-11-11T21:15:00Z

Modified

2023-11-08T04:10:35.080565Z

Summary

[none]

Details

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dir_browser.enable = False in the configuration.

References

Affected packages

PyPI / wsgidav

Package

Name: wsgidav; View open source insights on deps.dev
Purl: pkg:pypi/wsgidav

Affected ranges

Type: GIT
Repo: https://github.com/mar10/wsgidav
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e9606ab0f42f4c1a6611bc3c52de299b0aba7726

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

4.1.0

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.5a2

3.0.5a3

3.1.0

3.1.1

4.*

4.0.0a2

4.0.0

4.0.1

4.0.2