Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cherrypy | cherrypy | 0.6 |
| cherrypy | cherrypy | 2.0.0 |
| cherrypy | cherrypy | 2.0.0a1 |
| cherrypy | cherrypy | 0.1 |
| cherrypy | cherrypy | 2.1.0_rc1 |
| cherrypy | cherrypy | 2.1.0_beta |
| cherrypy | cherrypy | 0.7 |
| cherrypy | cherrypy | 0.3 |
| cherrypy | cherrypy | 0.9_beta |
| cherrypy | cherrypy | 2.1.0 |
| cherrypy | cherrypy | 0.9_rc1 |
| cherrypy | cherrypy | 0.4 |
| cherrypy | cherrypy | 2.1.0_rc2 |
| cherrypy | cherrypy | 0.8_beta |
| cherrypy | cherrypy | 0.10 |
| cherrypy | cherrypy | 0.10_rc1 |
| cherrypy | cherrypy | 0.8 |
| cherrypy | cherrypy | 0.2 |
| cherrypy | cherrypy | 0.5 |
| cherrypy | cherrypy | 0.9 |
| cherrypy | cherrypy | 0.9_gamma |
| cherrypy | cherrypy | 0.10_beta |