CVE-2023-40587

🗓️ 25 Aug 2023 21:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 45 Views

Path traversal vulnerability in Pyramid 2.0.0 & 2.0.1 allows disclosure of `index.html` using Python 3.1

Reporter	Title	Published	Views	Family All 26
Circl	CVE-2023-40587	26 Aug 202300:14	–	circl
CNNVD	Pyramid 路径遍历漏洞	25 Aug 202300:00	–	cnnvd
CVE	CVE-2023-40587	25 Aug 202320:46	–	cve
Cvelist	CVE-2023-40587 Pyramid static view path traversal up one directory	25 Aug 202320:46	–	cvelist
Debian CVE	CVE-2023-40587	25 Aug 202320:46	–	debiancve
EUVD	EUVD-2023-2313	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 38 Update: python-pyramid-2.0.2-1.fc38	5 Sep 202300:41	–	fedora
Fedora	[SECURITY] Fedora 39 Update: python-pyramid-2.0.2-1.fc39	15 Sep 202319:02	–	fedora
Tenable Nessus	Fedora 39 : python-pyramid (2023-70baf5e2fe)	7 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 38 : python-pyramid (2023-b213d84a16)	5 Sep 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	22.04	any	python-pyramid	0	python-pyramid_0_any.deb
Ubuntu	18.04	any	python-pyramid	0	python-pyramid_0_any.deb
Ubuntu	24.04	any	python-pyramid	0	python-pyramid_0_any.deb
Ubuntu	25.10	any	python-pyramid	0	python-pyramid_0_any.deb
Ubuntu	20.04	any	python-pyramid	0	python-pyramid_0_any.deb
Ubuntu	26.04	any	python-pyramid	0	python-pyramid_0_any.deb

Source	Link
github	www.github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8
github	www.github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85%20(2.0.2)
github	www.github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85
github	www.github.com/python/cpython/issues/106242
github	www.github.com/python/cpython/pull/106816
cve	www.cve.org/CVERecord

11 Jul 2025 07:55Current

6Medium risk

Vulners AI Score6

CVSS 3.14.3 - 5.3

EPSS0.00632

pyramid python path traversal vulnerability static view python 3.11