PT-2018-18100 · Uwsgi+1 · Uwsgi+1

Marios Nicolaides

+2

·

Published

2018-02-26

·

Updated

2023-08-14

·

CVE-2018-7490

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions uWSGI versions prior to 2.0.17
Description The issue arises from the mishandling of a DOCUMENT ROOT check during the use of the --php-docroot option, allowing directory traversal.
Recommendations For versions prior to 2.0.17, update to version 2.0.17 or later to resolve the issue.

Exploit

Fix

Path traversal

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2019-3150
ALT-PU-2023-4765
CVE-2018-7490
DSA-4142-1
GHSA-H2VM-C85R-5VH5
PYSEC-2018-78

Affected Products

Alt Linux
Uwsgi