oss-sec mailing list archives
Re: CVE request: didiwiki path traversal vulnerability
From: cve-assign () mitre org
Date: Fri, 19 Feb 2016 15:05:20 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/OpenedHand/didiwiki/pull/1/files https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea curl http://localhost:8000/api/page/get?page=/etc/passwd
We can assign a CVE ID if there is going to be a DSA.
The Debian Security team is planning on publishing a DSA
Use CVE-2013-7448. There is no CVE ID for the theoretical C:\file.txt attack on Windows. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWx3R3AAoJEL54rhJi8gl56FIQAKhiDXHz+ZfYJW3Q8yQsOTGY NCWQd87pKkg9glEACwCi/G+xbuPAW2MabkvYu5EPVvggtiIl0HHcVal+NCg4k8wW 1ObCjslioox7lU4O/AZMiSfv7RwfadM2Bsg16jKIo1E6MmkaTcFepOwJK3G5NWuA HavNfY28wH1XzGp5SH6TDW343dXaJb9yzOBsGxn5UlEbs5piS5tiPe11+l1vO/eW rEA2USyXgtsSxu/vJruGzYxRiztwDaiJkT9n6avTKTcwO2Y7qkVeeDxzLAOG1iq2 zM6Xvc2ejB5qmMBU0Oo75CE1MdcXZKhQ/62+zs3JrlKamD+8MoObW4YUWUKHQmLm /XOQ+lbFYhNkuaPz/xvZwiCT68acVuaSQomEge2bcDHPbAALO2v6WYubGlZO/h1g NARKJsPHYJfV4zIqtslReCbPAGW4caWkCnfJXLm0AqlGWXIKrjx2U/XtDCm00fy+ 4AA4b2THlYjFkvnzQaZzpkYjZH8V15VgockWctCUHmiY8HVQR8SDagNB0vcNN7yU e10DNt2PVwzS2iXewwx4P7sZmEPampGD3cOlH1bQklA4qBMcd2erRdoeL8N+aWAs XBBcuZVFHXNP6F4HAg/1ZM1sxxFmirFnQ9TTsCk8Lu6pT4XJWYk7s83e3yrwjslc AKbuwf1evPPl83oPO1Bs =jQSe -----END PGP SIGNATURE-----
Current thread:
- CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)