CVE-2006-0847 – cherrypy

Package

Manager: pip
Name: cherrypy
Vulnerable Version: >=0 <2.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00848 pctl0.74013

Details

CherryPy Directory traversal vulnerability Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

Metadata

Created: 2022-05-01T06:43:18Z
Modified: 2024-09-13T17:48:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vx77-5pf4-c9wr/GHSA-vx77-5pf4-c9wr.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-vx77-5pf4-c9wr
Finding: F063
Auto approve: 1