CVE-2021-41279: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

November 26, 2021 (updated November 30, 2021)

BaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.

References

github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336
github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg
nvd.nist.gov/vuln/detail/CVE-2021-41279

Code Behaviors & Features

Detect and mitigate CVE-2021-41279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →