DSA-4142-1 uwsgi -- uwsgi
ID: oval:org.secpod.oval:def:603316 | Date: (C)2018-03-20 (M)2023-04-27 |
Class: PATCH | Family: unix |
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
uwsgi |
libapache2-mod-uwsgi |
python-uwsgidecorators |
python3-uwsgidecorators |
libapache2-mod-proxy-uwsgi |
libapache2-mod-ruwsgi |