oss-sec mailing list archives
Re: CVE Request for read-only directory traversal in Etherpad Minify
From: cve-assign () mitre org
Date: Fri, 10 Apr 2015 21:49:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Backslashes are replaced with slashes in the path parameter of HTTP API calls after path normalization
https://github.com/ether/etherpad-lite/commit/9d4e5f6e35153129377206ef545d4965afae627d
Use CVE-2015-3297. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVKH0mAAoJEKllVAevmvmsENgH/0FWEJl/AaToR484pgrOpafC /WbiO8TTlZ9+TOmdnsQ6eLKMUJ+vH+jMuSp4yHqxwN/hwXmNSVCPhsVfI1ei1C4D R3/O6kY9Blf4N/8bpqyLJglna7NZmvdCFF/e3P+uRV/WN6rK/d1M3awEai57K+k4 CNNBCsjxotGOOo4p1GDKJz1NGFi8lunlLvfCO4pe4WjiQsF3adOg3gLpk/T3aAJr SsDRkS2E7T8MokPf2+MLi8kM7dVif5V6HMjlK85RTLFt2nI0xlRKsLAqOxpg2jY9 KPQqQugj1aBW9ZZtNUgCuSelbzqytLfsGTA7CyM+HD+JpV34NqCmjNM07smCTdg= =ccJQ -----END PGP SIGNATURE-----
Current thread:
- CVE Request for read-only directory traversal in Etherpad Minify Jeremy Stanley (Apr 10)
- Re: CVE Request for read-only directory traversal in Etherpad Minify cve-assign (Apr 10)
- Corrections to CVE-2015-3297 Jeremy Stanley (Apr 12)