Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/06/07/2 | Mailing List Patch Third Party Advisory |
https://dino.im/blog/ | Vendor Advisory |
https://dino.im/security/cve-2021-33896/ | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODN4ZSTBYIW25DO3FNRK6FQRGSYGT57I/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P55V3TVSVXREOJAJRXNUSBEUZFOU54V3/ |
Configurations
History
17 Jun 2021, 16:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODN4ZSTBYIW25DO3FNRK6FQRGSYGT57I/ - Not Applicable, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P55V3TVSVXREOJAJRXNUSBEUZFOU54V3/ - Third Party Advisory |
16 Jun 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2021, 20:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dino:dino:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/06/07/2 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) https://dino.im/security/cve-2021-33896/ - Patch, Vendor Advisory | |
References | (MISC) https://dino.im/blog/ - Vendor Advisory | |
CWE | CWE-22 |
07 Jun 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-07 19:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-33896
Mitre link : CVE-2021-33896
CVE.ORG link : CVE-2021-33896
JSON object : View
Products Affected
dino
- dino
fedoraproject
- fedora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')