GHSA-q7mf-hp9m-cx6f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q7mf-hp9m-cx6f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-q7mf-hp9m-cx6f/GHSA-q7mf-hp9m-cx6f.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-q7mf-hp9m-cx6f
- Aliases
-
- CVE-2004-1444
- Published
- 2022-04-29T02:59:35Z
- Modified
- 2024-12-03T05:30:09.723281Z
- Summary
- Roundup Directory traversal vulnerability
- Details
-
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via
..(dot dot) sequences in an@@command in an HTTP GET request. - Database specific
{ "nvd_published_at": "2004-12-31T05:00:00Z", "github_reviewed_at": "2024-05-09T16:05:51Z", "severity": "MODERATE", "cwe_ids": [ "CWE-22" ], "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2004-1444
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16350
- https://github.com/roundup-tracker/roundup
- http://packetstormsecurity.nl/0406-exploits/roundUP.txt
- http://secunia.com/advisories/11801
- http://securitytracker.com/id?1010415
- http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788
- http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml
- http://www.securityfocus.com/bid/10495
Affected packages
PyPI / roundup
Package
- Name
- roundup
- View open source insights on deps.dev
- Purl
- pkg:pypi/roundup