Lucene search

GoogleOSV:CVE-2018-7490

HistoryFeb 26, 2018 - 10:29 p.m.

CVE-2018-7490

2018-02-2622:29:00

Google

osv.dev

7.1 High

AI Score

Confidence

Low

0.949 High

EPSS

Percentile

99.3%

JSON

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

CPENameOperatorVersion
uwsgieq1.9.15
uwsgieq2.0.14-r0
uwsgieq1.4.3-r0
uwsgieq1.0-rc10
uwsgieq2.0.13.1-r2
uwsgieq1.9.20-r4
uwsgieq2.0.10
uwsgieq2.0.12
uwsgieq1.9.2
uwsgieq2.0.9-r0

Name	Operator	Version
uwsgi	eq	1.9.15
uwsgi	eq	2.0.14-r0
uwsgi	eq	1.4.3-r0
uwsgi	eq	1.0-rc10
uwsgi	eq	2.0.13.1-r2
uwsgi	eq	1.9.20-r4
uwsgi	eq	2.0.10
uwsgi	eq	2.0.12
uwsgi	eq	1.9.2
uwsgi	eq	2.0.9-r0

Rows per page:

1-10 of 1601

References

uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html

www.debian.org/security/2018/dsa-4142

www.exploit-db.com/exploits/44223/