List:       oss-security
Subject:    [oss-security] Re: CVE Request for read-only directory traversal in Etherpad frontend tests
From:       cve-assign () mitre ! org
Date:       2015-05-26 10:26:05
Message-ID: 20150526102605.DC177B2E7E1 () smtpvbsrv1 ! mitre ! org

There was no earlier reply. Note that the first message in the thread
apparently had an "Re: " at the beginning of the Subject line:

  http://openwall.com/lists/oss-security/2015/04/11/10

> a vulnerability in the frontend tests of previous Etherpad releases,
> which are enabled by default.

> https://github.com/ether/etherpad-lite/commit/5409eb314c4e072b9760b8d30b985fa0bb96a006

> fix an issue in the path handling that allowed directory traversal
>
> node/hooks/express/tests.js

Use CVE-2015-4085.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]