CPANSA-Jifty-2011-01: Jifty vulnerability

Publisher giterlizzi Document category csaf_informational_advisory
Initial release date 2011-03-17T00:00:00 Engine CSAF Perl Toolkit 0.25
Current release date 2011-03-17T00:00:00 Build Date
Current version 1 Status final
CVSS v3.1 Base Score Severity
Original language Language en
Also referred to

Vulnerability Description

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

Revision history

Version Date of the revision Summary of the revision
1 Thu Mar 17 00:00:00 2011 First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/