PT-2018-4739 · Bitty · Bitty

Published

2018-05-31

·

Updated

2019-10-09

·

CVE-2016-10561

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions bitty version 0.2.10
Description The issue concerns a directory traversal vulnerability that can be exploited via the URL path in GET requests. This allows unauthorized access to files outside the intended directory.
Recommendations For version 0.2.10, consider using an alternative module that is actively maintained and provides similar functionality, as the bitty package is not currently maintained. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2016-10561
GHSA-F5MH-HQ6H-WHXV

Affected Products

Bitty