CVE-2018-19052

2018-11-07T05:29:00
ID CVE-2018-19052
Type cve
Reporter cve@mitre.org
Modified 2019-10-21T00:15:00

Description

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.