oss-sec mailing list archives
Re: CVE Request for read-only directory traversal in Etherpad frontend tests
From: cve-assign () mitre org
Date: Tue, 26 May 2015 06:26:05 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There was no earlier reply. Note that the first message in the thread apparently had an "Re: " at the beginning of the Subject line: http://openwall.com/lists/oss-security/2015/04/11/10
a vulnerability in the frontend tests of previous Etherpad releases, which are enabled by default.
https://github.com/ether/etherpad-lite/commit/5409eb314c4e072b9760b8d30b985fa0bb96a006
fix an issue in the path handling that allowed directory traversal node/hooks/express/tests.js
Use CVE-2015-4085. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVZEm8AAoJEKllVAevmvms8HMH/A0DtXVdlWKIQvo6tmFK4MEI 1G2GQ5VTQWGEBu3hoKiOMwXSd/iuodT24dTUGy0CnSjdByisaO4TpaFGumkosQ0u oLaCl9NE4aCgdoEpL5FliPl5KOAmhBcgfj19shpfVjbDChSMzYRmdLGnT36tWjL1 Y2fnuKMVktULyNnYXShae4kr/Mud4TW1cSXfhZPgB7MIIF4mO+1BoFE6wrqDM8QS zMF/mSBElDFnvRBvi4B+m9noEagoTjR+jBsb1ebvC0Nkg8ne9r5Q/Hp+9Mb5z1bf nWfqXUHQ7DY6kIA7Y2bueNC8+45ZnTyhC1pHxEABRaJHfGegRCKTp63Kx8bg9rA= =OCMJ -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley (Apr 11)
- Re: Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley (May 23)
- Re: CVE Request for read-only directory traversal in Etherpad frontend tests cve-assign (May 26)
- Re: Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley (May 23)