mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
107 lines
3.6 KiB
JSON
107 lines
3.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2008-4129",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "GLSA-200811-02",
|
|
"refsource": "GENTOO",
|
|
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
|
|
},
|
|
{
|
|
"name": "33144",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/33144"
|
|
},
|
|
{
|
|
"name": "gallery-ziparchives-information-disclosure(45228)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
|
|
},
|
|
{
|
|
"name": "31912",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/31912"
|
|
},
|
|
{
|
|
"name": "32662",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/32662"
|
|
},
|
|
{
|
|
"name": "FEDORA-2008-11258",
|
|
"refsource": "FEDORA",
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
|
|
},
|
|
{
|
|
"name": "31231",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/31231"
|
|
},
|
|
{
|
|
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
|
|
},
|
|
{
|
|
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
|
|
},
|
|
{
|
|
"name": "FEDORA-2008-11230",
|
|
"refsource": "FEDORA",
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
|
|
}
|
|
]
|
|
}
|
|
} |