Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ViewVC's standalone server exposes arbitrary server filesystem content
Vulnerability Description
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ViewVC 路径遍历漏洞
Vulnerability Description
ViewVC是ViewVC开源的一款基于Web的CVS、SVN代码仓库浏览工具。 ViewVC 1.1.0至1.1.31版本和1.2.0至1.2.3版本存在路径遍历漏洞,该漏洞源于standalone.py脚本存在目录遍历,可能导致主机文件系统内容泄露。
CVSS Information
N/A
Vulnerability Type
N/A