CVE-2021-40978

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-40978
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40978.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-40978
Aliases
Withdrawn
2021-10-08T16:26:29Z
Published
2021-10-07T14:15:08Z
Modified
2024-10-12T08:26:46.994722Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1

References

Affected packages

Debian:11 / python-mkdocs

Package

Name
python-mkdocs
Purl
pkg:deb/debian/python-mkdocs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.2+dfsg-1
1.1.2+dfsg-2
1.2.3-1
1.3.0+dfsg-1
1.3.0+dfsg-2
1.4.0+dfsg-1
1.4.0+dfsg-2
1.4.0+dfsg-3
1.4.1+dfsg-1
1.4.2+dfsg-1
1.4.2+dfsg-2
1.5.2+dfsg-1
1.5.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / python-mkdocs

Package

Name
python-mkdocs
Purl
pkg:deb/debian/python-mkdocs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.2+dfsg-2
1.5.2+dfsg-1
1.5.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / python-mkdocs

Package

Name
python-mkdocs
Purl
pkg:deb/debian/python-mkdocs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.2+dfsg-2
1.5.2+dfsg-1
1.5.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/mkdocs/mkdocs

Affected ranges

Type
GIT
Repo
https://github.com/mkdocs/mkdocs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.11
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.14.0
0.15.0
0.15.1
0.15.2
0.15.3
0.16.0
0.16.1
0.16.3
0.17.0
0.17.1
0.17.2
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0a1
1.0b1
1.0rc1
1.1
1.1.1
1.1.2
1.2
1.2.1
1.2.2