CVE-2021-33896: Path Traversal
First published: Mon Jun 07 2021(Updated: )
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dino Dino | <0.1.2 | |
| Dino Dino | >=0.2.0<0.2.1 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/06/07/2
- https://dino.im/blog/
- https://dino.im/security/cve-2021-33896/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODN4ZSTBYIW25DO3FNRK6FQRGSYGT57I/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P55V3TVSVXREOJAJRXNUSBEUZFOU54V3/
Frequently Asked Questions
What is CVE-2021-33896?
CVE-2021-33896 is a vulnerability in the Dino software before versions 0.1.2 and 0.2.x before 0.2.1 that allows directory traversal during the creation of new files.
What is the severity of CVE-2021-33896?
CVE-2021-33896 has a severity value of 5.3, which is considered medium.
Which software versions are affected by CVE-2021-33896?
The Dino software versions before 0.1.2 and 0.2.x before 0.2.1 are affected by CVE-2021-33896.
What is the CWE ID associated with CVE-2021-33896?
CVE-2021-33896 is associated with CWE ID 22.
How can I fix CVE-2021-33896?
To fix CVE-2021-33896, update your Dino software to version 0.1.2 or 0.2.1 or later.
- collector/nvd-index
- vendor/dino
- canonical/dino dino
- version/dino dino/0.2.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34