First published: Mon Feb 26 2018
uWSGI before 2.0.17 mishandles a `DOCUMENT_ROOT` check during use of the `--php-docroot` option, allowing directory traversal.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/uwsgi | 2.0.18-1 2.0.19.1-7.1 2.0.21-5.1 2.0.22-4 | |
Unbit uWSGI | <2.0.17 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
pip/uWSGI | <2.0.17 | 2.0.17 |
The vulnerability ID for this uWSGI vulnerability is CVE-2018-7490.
The severity level of CVE-2018-7490 is high.
Versions 2.0.17 and earlier of uWSGI are affected by this vulnerability.
To fix this vulnerability in uWSGI, update to version 2.0.18-1 or later.