6.6 Medium
AI Score
Confidence
Low
0.954 High
EPSS
Percentile
99.4%
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
DOCUMENT_ROOT
--php-docroot
github.com/advisories/GHSA-h2vm-c85r-5vh5
github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
nvd.nist.gov/vuln/detail/CVE-2018-7490
uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
www.debian.org/security/2018/dsa-4142
www.exploit-db.com/exploits/44223