[pkg-uWSGI-devel] Bug#891639: uwsgi: CVE-2018-7490: Mishandled DOCUMENT_ROOT check with use of --php-docroot option allows for directory traversal
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 27 15:58:06 UTC 2018
Source: uwsgi
Version: 2.0.7-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for uwsgi.
CVE-2018-7490[0]:
| uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the
| --php-docroot option, allowing directory traversal.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-7490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7490
[1] https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
Regards,
Salvatore
More information about the pkg-uWSGI-devel
mailing list