oss-sec mailing list archives

Re: CVE Request for read-only directory traversal in Etherpad Minify

From: cve-assign () mitre org
Date: Fri, 10 Apr 2015 21:49:51 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Backslashes are replaced with slashes in
the path parameter of HTTP API calls after path normalization

https://github.com/ether/etherpad-lite/commit/9d4e5f6e35153129377206ef545d4965afae627d


Use CVE-2015-3297.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVKH0mAAoJEKllVAevmvmsENgH/0FWEJl/AaToR484pgrOpafC
/WbiO8TTlZ9+TOmdnsQ6eLKMUJ+vH+jMuSp4yHqxwN/hwXmNSVCPhsVfI1ei1C4D
R3/O6kY9Blf4N/8bpqyLJglna7NZmvdCFF/e3P+uRV/WN6rK/d1M3awEai57K+k4
CNNBCsjxotGOOo4p1GDKJz1NGFi8lunlLvfCO4pe4WjiQsF3adOg3gLpk/T3aAJr
SsDRkS2E7T8MokPf2+MLi8kM7dVif5V6HMjlK85RTLFt2nI0xlRKsLAqOxpg2jY9
KPQqQugj1aBW9ZZtNUgCuSelbzqytLfsGTA7CyM+HD+JpV34NqCmjNM07smCTdg=
=ccJQ
-----END PGP SIGNATURE-----

Current thread:

CVE Request for read-only directory traversal in Etherpad Minify Jeremy Stanley (Apr 10)
- Re: CVE Request for read-only directory traversal in Etherpad Minify cve-assign (Apr 10)
- Corrections to CVE-2015-3297 Jeremy Stanley (Apr 12)