uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
CVSS Details
- CVSS 3.1 Base Score: 7.5
- CVSS 3.0 Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-uwsgi | Apr 2, 2018 | Feb 26, 2018 | |
| Debian | debian-upgrade-uwsgi | Mar 20, 2018 | Feb 26, 2018 | |
| Ubuntu | ubuntu-upgrade-uwsgi | Nov 19, 2024 | Feb 26, 2018 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub