CVE-2016-1505 – radicale

Package

Manager: pip
Name: radicale
Vulnerable Version: >=0 <1.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01349 pctl0.79355

Details

Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

Metadata

Created: 2022-05-17T03:43:03Z
Modified: 2023-08-02T22:33:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-84cw-mxhv-qvv4/GHSA-84cw-mxhv-qvv4.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-84cw-mxhv-qvv4
Finding: F063
Auto approve: 1