Uploaded image for project: 'Red Hat OpenShift Data Science'
  1. Red Hat OpenShift Data Science
  2. RHODS-2020

mkdocs: Directory traversal in dev-server

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Normal Normal
    • None
    • None
    • Security
    • None
    • False
    • False
    • No
    • No
    • No
    • Pending
    • None

      The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.

      References:

      https://github.com/nisdn/CVE-2021-40978
      https://github.com/mkdocs/mkdocs

      Upstream issue: https://github.com/mkdocs/mkdocs/issues/2601

              Unassigned Unassigned
              lnacshon Luiza Nacshon (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: