PT-2022-12568 · Unknown · Webp Server Go

Li8U99O

Published

2022-01-19

Updated

2022-01-25

CVE-2021-46104

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions webp server go version 0.4.0

Description An issue was discovered in the software, which is a directory traversal vulnerability that can read arbitrary file information on the server.

Recommendations For webp server go version 0.4.0, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation until a patch is available. As a temporary workaround, review server configurations to limit directory traversal capabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-46104

Affected Products

Webp Server Go

PT-2022-12568 · Unknown · Webp Server Go

CVE-2021-46104

Weakness Enumeration

Related Identifiers

Affected Products

References · 5