CVE-2018-7490: uWSGI Directory Traversal vulnerability
(updated )
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
References
- github.com/advisories/GHSA-h2vm-c85r-5vh5
- github.com/pypa/advisory-database/tree/main/vulns/uwsgi/PYSEC-2018-78.yaml
- github.com/unbit/uwsgi
- github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
- nvd.nist.gov/vuln/detail/CVE-2018-7490
- uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
- www.debian.org/security/2018/dsa-4142
- www.exploit-db.com/exploits/44223
Code Behaviors & Features
Detect and mitigate CVE-2018-7490 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →