Skip to content

Roundup Directory traversal vulnerability

Moderate severity GitHub Reviewed Published Apr 29, 2022 to the GitHub Advisory Database • Updated May 9, 2024

Package

pip Roundup (pip)

Affected versions

<= 0.6.4

Patched versions

0.7.3

Description

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

References

Published by the National Vulnerability Database Dec 31, 2004
Published to the GitHub Advisory Database Apr 29, 2022
Reviewed May 9, 2024
Last updated May 9, 2024

Severity

Moderate

EPSS score

1.899%
(89th percentile)

Weaknesses

CVE ID

CVE-2004-1444

GHSA ID

GHSA-q7mf-hp9m-cx6f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.