CVE-2021-39180

🗓️ 31 Aug 2021 17:55:14Reported by GitHub_MType

OpenOLAT LMS prior to 15.3.18, 15.5.3, 16.0.0 allows path traversal via a specially prepared ZIP file, enabling file overwrite and potential code injection

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2021-39180	31 Aug 202122:33	–	circl
CNNVD	OpenOLAT 路径遍历漏洞	31 Aug 202100:00	–	cnnvd
Cvelist	CVE-2021-39180 Path Traversal in Archive Handling Leading to Code Execution	31 Aug 202117:55	–	cvelist
EUVD	EUVD-2021-25574	7 Oct 202500:30	–	euvd
NVD	CVE-2021-39180	31 Aug 202118:15	–	nvd
Prion	Path traversal	31 Aug 202118:15	–	prion
RedhatCVE	CVE-2021-39180	6 Feb 202503:55	–	redhatcve

NVD

Vulners

Node

frentix openolatRange<15.3.18

frentix openolatRange15.4.0–15.5.3

[
  {
    "product": "OpenOLAT",
    "vendor": "OpenOLAT",
    "versions": [
      {
        "status": "affected",
        "version": "< 15.3.18"
      },
      {
        "status": "affected",
        "version": ">= 15.4.0, < 15.5.3"
      }
    ]
  }
]

Source	Link
jira	www.jira.openolat.org/browse/OO-5549
github	www.github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-x95v-2pgj-9x8j
github	www.github.com/OpenOLAT/OpenOLAT/commit/5668a41ab3f1753102a89757be013487544279d5
github	www.github.com/OpenOLAT/OpenOLAT/commit/2cf73c972e23ccd69cc1e103e43c2c8253571d3e
github	www.github.com/OpenOLAT/OpenOLAT/commit/699490be8e931af0ef1f135c55384db1f4232637

21 Nov 2024 06:18Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.1 - 8.8

CVSS 29

EPSS0.01222

CWE-22