GHSA-q7mf-hp9m-cx6f

Suggest an improvement
Source
https://github.com/advisories/GHSA-q7mf-hp9m-cx6f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-q7mf-hp9m-cx6f/GHSA-q7mf-hp9m-cx6f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-q7mf-hp9m-cx6f
Aliases
  • CVE-2004-1444
Published
2022-04-29T02:59:35Z
Modified
2024-12-03T05:30:09.723281Z
Summary
Roundup Directory traversal vulnerability
Details

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

Database specific
{
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-09T16:05:51Z"
}
References

Affected packages

PyPI / roundup

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3

Affected versions

0.*

0.5.9
0.6.8
0.6.9
0.6.11
0.7.0b3
0.7.0
0.7.1
0.7.2

Database specific

{
    "last_known_affected_version_range": "<= 0.6.4"
}