admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 02:31:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-402xx/CVE-2023-40274.json

24 lines
957 B
JSON
Raw Normal View History

Auto-Update: 2023-08-14T02:00:28.192433+00:00
2023-08-14 02:00:32 +00:00
{
"id": "CVE-2023-40274",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T01:15:47.307",
Auto-Update: 2023-08-14T14:00:31.955652+00:00
2023-08-14 14:00:35 +00:00
"lastModified": "2023-08-14T13:06:21.347",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2023-08-14T02:00:28.192433+00:00
2023-08-14 02:00:32 +00:00
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the \"zola serve\" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/getzola/zola/issues/2257",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/getzola/zola/pull/2258",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue Copy Permalink