CVE-2011-1589

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
mojoliciousmojolicious
0.2
mojoliciousmojolicious
0.3
mojoliciousmojolicious
0.4
mojoliciousmojolicious
0.5
mojoliciousmojolicious
0.6
mojoliciousmojolicious
0.7
mojoliciousmojolicious
0.8
mojoliciousmojolicious
0.8.1
mojoliciousmojolicious
0.8.2
mojoliciousmojolicious
0.8.3
mojoliciousmojolicious
0.8.4
mojoliciousmojolicious
0.8.5
mojoliciousmojolicious
0.9
mojoliciousmojolicious
0.8006
mojoliciousmojolicious
0.8007
mojoliciousmojolicious
0.8008
mojoliciousmojolicious
0.8009
mojoliciousmojolicious
0.9001
mojoliciousmojolicious
0.9002
mojoliciousmojolicious
0.991231
mojoliciousmojolicious
0.991232
mojoliciousmojolicious
0.991233
mojoliciousmojolicious
0.991234
mojoliciousmojolicious
0.991235
mojoliciousmojolicious
0.991236
mojoliciousmojolicious
0.991237
mojoliciousmojolicious
0.991238
mojoliciousmojolicious
0.991239
mojoliciousmojolicious
0.991240
mojoliciousmojolicious
0.991241
mojoliciousmojolicious
0.991242
mojoliciousmojolicious
0.991243
mojoliciousmojolicious
0.991244
mojoliciousmojolicious
0.991245
mojoliciousmojolicious
0.991246
mojoliciousmojolicious
0.991250
mojoliciousmojolicious
0.991251
mojoliciousmojolicious
0.999901
mojoliciousmojolicious
0.999902
mojoliciousmojolicious
0.999903
mojoliciousmojolicious
0.999904
mojoliciousmojolicious
0.999905
mojoliciousmojolicious
0.999906
mojoliciousmojolicious
0.999907
mojoliciousmojolicious
0.999908
mojoliciousmojolicious
0.999909
mojoliciousmojolicious
0.999910
mojoliciousmojolicious
0.999911
mojoliciousmojolicious
0.999912
mojoliciousmojolicious
0.999913
mojoliciousmojolicious
0.999914
mojoliciousmojolicious
0.999920
mojoliciousmojolicious
0.999921
mojoliciousmojolicious
0.999922
mojoliciousmojolicious
0.999923
mojoliciousmojolicious
0.999924
mojoliciousmojolicious
0.999925
mojoliciousmojolicious
0.999926
mojoliciousmojolicious
0.999927
mojoliciousmojolicious
0.999928
mojoliciousmojolicious
0.999929
mojoliciousmojolicious
0.999930
mojoliciousmojolicious
0.999931
mojoliciousmojolicious
0.999932
mojoliciousmojolicious
0.999933
mojoliciousmojolicious
0.999934
mojoliciousmojolicious
0.999935
mojoliciousmojolicious
0.999936
mojoliciousmojolicious
0.999937
mojoliciousmojolicious
0.999938
mojoliciousmojolicious
0.999939
mojoliciousmojolicious
0.999940
mojoliciousmojolicious
0.999941
mojoliciousmojolicious
0.999950
mojoliciousmojolicious
1.0
mojoliciousmojolicious
1.1
mojoliciousmojolicious
1.01
mojoliciousmojolicious
1.11
mojoliciousmojolicious
1.12
mojoliciousmojolicious
1.13
mojoliciousmojolicious
1.14
mojoliciousmojolicious
1.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmojolicious-perl
bullseye
8.71+dfsg-1
fixed
bookworm
9.31+dfsg-1
fixed
sid
9.38+dfsg-1
fixed
trixie
9.38+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmojolicious-perl
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
dne
lucid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
http://openwall.com/lists/oss-security/2011/04/17/1
http://openwall.com/lists/oss-security/2011/04/18/3
http://openwall.com/lists/oss-security/2011/04/18/7
http://perlninja.posterous.com/sharks-in-the-water
http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
http://secunia.com/advisories/44051
http://secunia.com/advisories/44359
http://www.debian.org/security/2011/dsa-2221
http://www.osvdb.org/71850
http://www.securityfocus.com/bid/47402
http://www.vupen.com/english/advisories/2011/1072
http://www.vupen.com/english/advisories/2011/1093
https://bugzilla.redhat.com/show_bug.cgi?id=697229
https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
https://github.com/kraih/mojo/issues/114
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
http://openwall.com/lists/oss-security/2011/04/17/1
http://openwall.com/lists/oss-security/2011/04/18/3
http://openwall.com/lists/oss-security/2011/04/18/7
http://perlninja.posterous.com/sharks-in-the-water
http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
http://secunia.com/advisories/44051
http://secunia.com/advisories/44359
http://www.debian.org/security/2011/dsa-2221
http://www.osvdb.org/71850
http://www.securityfocus.com/bid/47402
http://www.vupen.com/english/advisories/2011/1072
http://www.vupen.com/english/advisories/2011/1093
https://bugzilla.redhat.com/show_bug.cgi?id=697229
https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
https://github.com/kraih/mojo/issues/114